Static task
static1
General
-
Target
rogueshitcompany.exe
-
Size
334KB
-
MD5
e4e61498230af950dabfc53b30258e9e
-
SHA1
c7d0da52241cd0f04aa17c6e422d6efb158e8118
-
SHA256
a1b15d92befca4482c11077bd74254ab2ccd05db5dcc67c0d52331f2bb837f91
-
SHA512
5e76c91a56a38fcf44c692aca9f7f3ea756eddc0d7b672feae5ffa4467b19bc7572962e30ab39691fe733749788093ff209a61875089d8e78517f59eb5f2b913
-
SSDEEP
6144:7zg8JOEDyP7wTzhsd7H/Bs2zl8QUX3Iwb20v7nBJT2JU:/J5kAyy25fUX3Ic7nBJT6U
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource rogueshitcompany.exe
Files
-
rogueshitcompany.exe.exe windows:6 windows x64 arch:x64
15e3798b10ee883dc59d3f2abe06812b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
Sleep
CreateThread
InitializeSListHead
lstrcmpiA
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
MultiByteToWideChar
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileW
DeviceIoControl
GetSystemTimeAsFileTime
user32
PostQuitMessage
PeekMessageA
GetWindowThreadProcessId
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
DefWindowProcA
LoadIconA
CreateWindowExA
TranslateMessage
mouse_event
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
RegisterClassExA
SetCursor
SetCapture
ClientToScreen
GetCapture
GetActiveWindow
GetClientRect
msvcp140
??Bios_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
dwmapi
DwmExtendFrameIntoClientArea
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
d3d9
Direct3DCreate9Ex
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
memset
__C_specific_handler
__current_exception_context
__current_exception
memmove
__std_exception_copy
memcpy
memcmp
memchr
__std_exception_destroy
strstr
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0
fflush
ftell
__p__commode
fwrite
fseek
_set_fmode
__stdio_common_vsprintf_s
_wfopen
__stdio_common_vsprintf
fclose
fread
__stdio_common_vsscanf
api-ms-win-crt-string-l1-1-0
strcmp
strncpy
_stricmp
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-heap-l1-1-0
free
malloc
_set_new_mode
_callnewh
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-runtime-l1-1-0
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
system
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
_invalid_parameter_noinfo_noreturn
terminate
_configure_narrow_argv
_crt_atexit
_initialize_narrow_environment
exit
_set_app_type
_register_onexit_function
_initialize_onexit_table
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
atan2f
ceilf
cosf
fmodf
acosf
tanf
sinf
sqrtf
powf
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 267KB - Virtual size: 266KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 308B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ