PDB path: C:\Code\Rust\RustDown-Belal\target\release\deps\RustDown.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d4095f8b2fd0e6deb605baa1530c32336298afd026afc0f41030fa43371e3e72.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d4095f8b2fd0e6deb605baa1530c32336298afd026afc0f41030fa43371e3e72.exe
Resource
win10v2004-20231215-en
General
-
Target
d4095f8b2fd0e6deb605baa1530c32336298afd026afc0f41030fa43371e3e72
-
Size
470KB
-
MD5
9416d7dc2ecdeda92ba35cd5e54eb044
-
SHA1
7d0f7d39d483230d270408f93668a443fc216bbb
-
SHA256
d4095f8b2fd0e6deb605baa1530c32336298afd026afc0f41030fa43371e3e72
-
SHA512
67728c8652b50f7b27a5d78e4c91b3e460c6e61bbd136f4fc0b48391505e0dc93f228ec02c3dabec50643fcac98bc93851ea44b3493572f2fdff5823a7842ce3
-
SSDEEP
12288:HaHSDG9T0wKs/1kTgLewy0okvdH5CHhgFe41NTv:HjGRpt1jbokvdH5CgpDTv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
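Sandbox check for a missing Authenticode signature; it matched the resource listed below. An unsigned PE is a weak indicator on its own and should be weighed together with the other findings.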
resource d4095f8b2fd0e6deb605baa1530c32336298afd026afc0f41030fa43371e3e72
Files
-
d4095f8b2fd0e6deb605baa1530c32336298afd026afc0f41030fa43371e3e72.exe windows:6 windows x86 arch:x86
acfd234cb7e47f507073a5bec9cf7761
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntdll
RtlUnwind
RtlCaptureContext
VerSetConditionMask
RtlGetVersion
kernel32
GetProcessHeap
GetModuleHandleA
AcquireSRWLockShared
ReleaseSRWLockShared
GetEnvironmentVariableW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetStdHandle
GetConsoleMode
WriteConsoleW
TlsAlloc
Sleep
FormatMessageW
CreateFileW
GetFileInformationByHandle
DeviceIoControl
HeapAlloc
InitializeCriticalSection
GetCurrentProcessId
CreateNamedPipeW
DuplicateHandle
TryEnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
MoveFileExA
GetEnvironmentVariableA
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
ReadFile
SetHandleInformation
CreateDirectoryW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
CloseHandle
GetEnvironmentStringsW
HeapFree
FreeEnvironmentStringsW
CompareStringOrdinal
AcquireSRWLockExclusive
LeaveCriticalSection
CreateProcessW
ReleaseSRWLockExclusive
GetLastError
GetComputerNameExW
WriteFile
SetLastError
GetModuleFileNameW
EnterCriticalSection
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleW
HeapReAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
DeleteFileW
CopyFileExW
iphlpapi
GetAdaptersAddresses
bcrypt
BCryptGenRandom
ws2_32
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
connect
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getpeername
getsockname
send
WSAGetLastError
WSASocketW
recv
WSACleanup
WSAStartup
freeaddrinfo
bind
closesocket
getaddrinfo
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
advapi32
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptHashData
CryptCreateHash
GetUserNameW
CryptGetHashParam
CryptReleaseContext
api-ms-win-crt-string-l1-1-0
strcmp
strncpy
strncmp
strlen
isupper
wcslen
_strdup
wcsncmp
strspn
strcspn
strcpy
tolower
strpbrk
memset
api-ms-win-crt-heap-l1-1-0
free
realloc
malloc
_set_new_mode
calloc
api-ms-win-crt-stdio-l1-1-0
fwrite
fseek
fread
fputc
fclose
fputs
_read
_write
__stdio_common_vsscanf
_close
feof
fgets
_set_fmode
ftell
_open
fopen
fflush
__stdio_common_vsprintf
__acrt_iob_func
__p__commode
_lseeki64
api-ms-win-crt-runtime-l1-1-0
_cexit
_c_exit
__p___argv
__p___argc
_exit
exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
terminate
_controlfp_s
_configure_narrow_argv
_beginthreadex
_seh_filter_exe
_crt_atexit
_set_app_type
__sys_nerr
strerror
_errno
_initialize_onexit_table
_register_onexit_function
abort
api-ms-win-crt-convert-l1-1-0
strtoll
strtoul
strtol
wcstombs
atoi
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-filesystem-l1-1-0
_stat64
_unlink
_fstat64
_access
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 368KB - Virtual size: 367KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ