c2877952d9728b0bfd28648900b87ef7da77e1a46bd034e497c84fcf7760b04c

Sharing

Copy URL

Twitter E-mail

General

Target

c2877952d9728b0bfd28648900b87ef7da77e1a46bd034e497c84fcf7760b04c
Size

1011KB
MD5

b2eac89ef813773a4edf613371e7f2a0
SHA1

cb3a0d237ac53bd472599864fba2e8076c50a3f3
SHA256

c2877952d9728b0bfd28648900b87ef7da77e1a46bd034e497c84fcf7760b04c
SHA512

cbbecc90ed1cf762fce7bb16fa3e161c6d4f19d9413d781f04f65855d90fc9ef26a98191a8188449633a7a58d5438fcf9cae33905f42a61b13c794b6e5aa14c2
SSDEEP

24576:ENluJwHhER0+IMSbailml11tmlNQ2OnBdFQtP51llPup33kT:ENywH80+ITo11tmlNQ2ayVup3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2877952d9728b0bfd28648900b87ef7da77e1a46bd034e497c84fcf7760b04c

Files

c2877952d9728b0bfd28648900b87ef7da77e1a46bd034e497c84fcf7760b04c
.exe windows:6 windows x64 arch:x64

8b4e1900daf89a58ec216584a5ed269a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dbs\sh\ddvsm\0128_230433\cmd\1c\out\binaries\amd64ret\bin\amd64\bptoob\ScriptedHost\ScriptedSandbox64.pdb

Imports

advapi32

EventUnregister
EventRegister
EventWrite
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteTreeA
RegDeleteKeyValueW
RegDeleteKeyValueA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyExW
RegDeleteKeyExA
RegDeleteKeyW
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegLoadAppKeyW
RegDeleteTreeW
RegCreateKeyExW
RegSaveKeyW
RegGetKeySecurity
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryInfoKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryInfoKeyA

kernel32

GetTempPathW
GetTempFileNameW
ReadProcessMemory
CreateEventW
WaitForSingleObject
GetCurrentProcess
ExitProcess
GetCurrentProcessId
GetOverlappedResult
WaitNamedPipeW
CreateFileW
DuplicateHandle
DecodePointer
SetEvent
LocalFree
OpenProcess
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
CreateThread
CreatePipe
WaitForMultipleObjects
VirtualQuery
VirtualProtect
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
VerifyVersionInfoW
VerSetConditionMask
GetPrivateProfileStringW
HeapLock
GetVersionExW
HeapUnlock
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
InitializeCriticalSection
CompareStringA
GetFileAttributesExW
Sleep
GetTickCount
FlushViewOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateDirectoryW
FindFirstFileW
ReleaseMutex
CreateMutexW
FindAtomW
AddAtomW
GetFileAttributesW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPopEntrySList
ReadFile
LCMapStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
GetCurrentThread
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
GetModuleHandleExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
CloseHandle
CompareStringOrdinal
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryExW
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
RaiseException
GetCurrentThreadId
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WriteFile

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

user32

GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
UnregisterClassW
IsWindow
IsChild
GetFocus
SetFocus
GetWindow
PostMessageW
SetWindowPos
CharNextW
GetSysColor
GetClassNameW
SendMessageW
GetDlgItem
EndPaint
GetWindowLongPtrW
SetWindowLongPtrW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
BeginPaint
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
SetWindowTextW
PeekMessageW
SetTimer
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
SetParent
AttachThreadInput
GetGUIThreadInfo
GetWindowThreadProcessId
PostThreadMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
GetDoubleClickTime
AllowSetForegroundWindow
GetMonitorInfoW
MonitorFromPoint
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
RedrawWindow

ole32

CoTaskMemFree
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
IIDFromString
CoInitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromCLSID
OleUninitialize
CoGetMalloc
CreateBindCtx
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocString
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrCat
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
DispCallFunc
VariantChangeType
SysStringByteLen

shlwapi

PathIsRootW
PathRemoveFileSpecW
StrCmpIW
StrCmpNIW
PathFileExistsW
PathFindFileNameW
PathAppendW
StrStrW
ord176
ord12
PathCombineW

shell32

SHGetKnownFolderPath
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wer

WerReportCreate
WerReportAddFile
WerReportSubmit
WerReportAddDump
WerReportSetParameter
WerReportCloseHandle

urlmon

CreateUri

vcruntime140

__uncaught_exception
wcschr
strrchr
memcmp

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b4e1900daf89a58ec216584a5ed269a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ole32

oleaut32

shlwapi

shell32

version

wer

urlmon

vcruntime140

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 252B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 252B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB