OST3NeVUcCJ4McJX[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

OST3NeVUcCJ4McJX.exe
Size

6.1MB
MD5

0c2b75e397fb08f2ad8d95b99775ffd8
SHA1

bbcfb20620f47d0dee90441f386dfed0a919df49
SHA256

2f680bab3a5e81eb1d1f89613a87bd4365cf276ea0ef81bda62c0f82d7937ef1
SHA512

9dcfaef2a51f5837bb3b73b5bea69c4e180393ba0a48e97458c1814f88a6c62031880a00cd94198154329e9fe46b64e3af1ea3c6ffa5596ec735374055eea4ed
SSDEEP

49152:YAVwASOZGtlqiyIU6ifADdqp4IC7SwzNhfXwj4qyqHHvxY/MX3U5BclWA3FPzvp0:41+y7H2EVElDPwp3p5DSnL3JLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OST3NeVUcCJ4McJX.exe

Files

OST3NeVUcCJ4McJX.exe
.exe windows:6 windows x64 arch:x64

cf8d543d01715ad28e7c4d27e35cd4df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

user32

GetWindowRect
ReleaseDC
SetCursorPos
ReleaseCapture
IsWindowUnicode
SetProcessDPIAware
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
GetKeyboardLayout
TrackMouseEvent
ClientToScreen
GetCapture
OpenClipboard
SetWindowPos
GetDC
GetMessageExtraInfo
GetKeyState
UpdateWindow
PostQuitMessage
FindWindowW
TranslateMessage
SetLayeredWindowAttributes
PeekMessageW
DispatchMessageW
RegisterClassExW
UnregisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetWindowThreadProcessId
CloseClipboard
MonitorFromWindow
ShowWindow
EmptyClipboard
GetClipboardData
SetClipboardData
IsIconic
MessageBoxW
GetCursorPos
GetProcessWindowStation
GetUserObjectInformationW
ScreenToClient

gdi32

CreateSolidBrush
GetDeviceCaps

urlmon

URLDownloadToFileA

kernel32

GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
WriteProcessMemory
SetWaitableTimer
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
InitializeCriticalSectionEx
WaitForSingleObject
OpenProcess
PostQueuedCompletionStatus
CreateEventW
Sleep
FormatMessageW
GetLastError
SetEvent
TerminateThread
CloseHandle
CreateThread
QueueUserAPC
DecodePointer
VirtualAllocEx
LocalFree
DeleteCriticalSection
GetModuleHandleW
SleepEx
CreateRemoteThread
GetSystemTimeAsFileTime
FormatMessageA
CreateIoCompletionPort
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetStringTypeW
OutputDebugStringW
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GlobalAlloc
IsDebuggerPresent
GetStartupInfoW
SleepConditionVariableSRW
WakeAllConditionVariable
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
TryAcquireSRWLockExclusive
GetLocaleInfoEx
RaiseException
RtlPcToFileHeader
SystemTimeToFileTime
GetSystemTime
GetFileSizeEx
VerifyVersionInfoW
PeekNamedPipe
ReadFile
GetEnvironmentVariableA
WaitForSingleObjectEx
GetSystemDirectoryW
GetTickCount
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindNextFileW
FindFirstFileW
FindClose
LoadLibraryW
RtlVirtualUnwind
ConvertThreadToFiberEx
ConvertFiberToThread
GetCurrentProcessId
GetACP
CreateFiberEx
DeleteFiber
SwitchToFiber
RtlUnwindEx
LoadLibraryExW
GetModuleFileNameW
WriteConsoleW
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleOutputCP
RtlUnwind
HeapAlloc
InitializeSListHead
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
VirtualFree
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
MoveFileExW
AreFileApisANSI
GetModuleHandleExW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
WriteFile
GetSystemDirectoryA

shell32

ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
SysFreeString
SysAllocStringByteLen
VariantCopy
SysStringLen
VariantChangeType
VariantClear
SysAllocString

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
gethostname
sendto
recvfrom
inet_pton
inet_ntop
htons
htonl
getsockopt
WSAWaitForMultipleEvents
closesocket
WSARecv
WSAAddressToStringW
connect
ntohs
getsockname
getpeername
WSAStartup
getaddrinfo
WSASocketW
WSASetLastError
listen
ntohl
select
WSASend
WSACloseEvent
WSAIoctl
bind
accept
__WSAFDIsSet
WSACleanup
gethostbyname
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
recv
send
socket
shutdown
WSAResetEvent

bcrypt

BCryptGenRandom

crypt32

CertFreeCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain

advapi32

CryptGetUserKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptAcquireContextA
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersA
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf8d543d01715ad28e7c4d27e35cd4df

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

user32

gdi32

urlmon

kernel32

shell32

ole32

oleaut32

imm32

d3dcompiler_47

ws2_32

bcrypt

crypt32

advapi32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 64KB - Virtual size: 81KB

.pdata Size: 183KB - Virtual size: 183KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 46KB - Virtual size: 46KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 64KB - Virtual size: 81KB

.pdata
Size: 183KB - Virtual size: 183KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 46KB - Virtual size: 46KB