92aaf20237118963656ca9006013e1bd613c2762b2ce7fb5718ac893ddff42ad

Sharing

Copy URL Twitter E-mail

General

Target

92aaf20237118963656ca9006013e1bd613c2762b2ce7fb5718ac893ddff42ad
Size

61KB
MD5

b619aefb6a4f91cacfa4e48cd9d1228f
SHA1

f2e066787764afcc556571f898f28f1465a302f9
SHA256

3e3ff3fbe91fd8f23c47b45139ad2cbd5758a6fa63f629c9a37cb7827fc16070
SHA512

15eb6b2f43020f44d0ef124299f3ee3cbc0a9a51ff21a7e90e37bf14ce318ce20374ae3cce75f48087725ee8689686f9033650b032d3d4c0d74d363b1b1dd45d
SSDEEP

768:vR6D+TojUfZaApqVv29bZxZ5CumbrPk92axJGSIyFy/zbbBBNE4Nv+mC6Y+1IkJo:vYD+TmkDp06luRhd1fE4NGm9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VALColorbot.exe

Files

92aaf20237118963656ca9006013e1bd613c2762b2ce7fb5718ac893ddff42ad
.zip
VALColorbot.exe
.exe windows:6 windows x64 arch:x64

604e3a9a86ded8ee6996259721c732ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\_Coding\VALColorbot\x64\Release\VALColorbot.pdb

Imports

kernel32

LocalFree
FindClose
FindFirstFileW
FormatMessageA
GetFileAttributesExW
GetLocaleInfoEx
Sleep
GetStdHandle
SetConsoleTextAttribute
AreFileApisANSI
CloseHandle
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW

user32

GetDC
TranslateMessage
ReleaseDC
GetKeyState
PeekMessageW
SetWindowsHookExA
DispatchMessageW
CallNextHookEx
SendInput
GetAsyncKeyState

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
GetObjectW
DeleteObject
BitBlt

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Cnd_do_broadcast_at_thread_exit
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
memmove
memcpy
__std_exception_copy
memset
memcmp
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__std_terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
_beginthreadex
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
abort
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputc
fflush
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf
_set_fmode
fwrite
fgetc
fclose

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass
_dsign
sqrt

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
strtod
strtoull

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

clock

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.txt

Sharing

General

Malware Config

Signatures

Files

604e3a9a86ded8ee6996259721c732ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 324B

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 324B