C:\Windows\RzChromaSDK64.pdb
Static task
static1
1 signatures
General
-
Target
blake_booster_nova.rar
-
Size
138KB
-
MD5
fadbb4a87c2d32f8ab5aa23c4cb40bea
-
SHA1
95f327edf3e3819619fc8b57da9cf5c81631ff62
-
SHA256
1ab6b1d21a99ccc922e441087c992ff4d21a745bc91dac714ec9bdef151df3e9
-
SHA512
bba176c08d484cb6659ced72e34196c0e371a9bee33aeebae4ba5fecec4abd558e68d971ba54049edc26a54e4fb5ea09aba7afac1be1c168570e5e4272b9383e
-
SSDEEP
3072:A+omwK+UmF+qzwfMMDaTcqu6FfpnV4ZfsjAB3n7ruMKnS0jQWM0gOptmQhhM:romwvJFW1GTDftpOqw+Tnv0t0g3D
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Mysterious-nova/RzChromaSDK64.dll
Files
-
blake_booster_nova.rar.rar
-
Mysterious-nova/RzChromaSDK64.dll.dll windows:6 windows x64 arch:x64
359e62b5508f50a379668a9779b7a4ae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtProtectVirtualMemory
kernel32
GetModuleHandleA
IsBadWritePtr
GetCurrentProcess
Beep
GetProcAddress
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
CreateFileW
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
RaiseException
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemTimeAsFileTime
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleFileNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
user32
MessageBoxA
Sections
.text Size: 221KB - Virtual size: 221KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mysterious-nova/setup.txt