d3526432155878bb3c671dab8f85c3fa70c398b02981568f0f191cc00675bf28[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d3526432155878bb3c671dab8f85c3fa70c398b02981568f0f191cc00675bf28.exe
Size

1012KB
MD5

d70ee849cd925898bfdba5e55655a129
SHA1

d0961439e4fee367c0549e31a830cb21d2be06a3
SHA256

d3526432155878bb3c671dab8f85c3fa70c398b02981568f0f191cc00675bf28
SHA512

1721bfe3169df91b737f1625b4353f5cdbc22139615c657469c8a9efb0084af60761514a20d1c9200037815ad5c66ebc9168f93197bc2cc952dbe9e961eb3649
SSDEEP

24576:IoeAbVE5fzJzDXbptl7do60OegX7Ao9nWXnMvQot:0Aa5hdD0Erv9n

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3526432155878bb3c671dab8f85c3fa70c398b02981568f0f191cc00675bf28.exe

Files

d3526432155878bb3c671dab8f85c3fa70c398b02981568f0f191cc00675bf28.exe
.exe windows:6 windows x64 arch:x64

d1eceeabc85690c3cdc932ba43de0ee9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\idaxp\Desktop\source\valorant_non_esp\usermode\x64\Release\valosp.pdb

Imports

kernel32

VirtualAlloc
CreateFileW
GetCurrentThreadId
GetModuleHandleA
CloseHandle
GetProcAddress
GetCurrentProcessId
GetTempPathW
SetLastError
SetPriorityClass
SetConsoleTitleA
GetCurrentProcess
OutputDebugStringA
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
GlobalAddAtomA
GetLastError
Process32NextW
Process32FirstW
HeapReAlloc
CreateThread
HeapAlloc
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
GetConsoleWindow
GlobalFindAtomA
lstrcmpiW
CheckRemoteDebuggerPresent
VirtualFree
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetStdHandle
DeviceIoControl
IsProcessorFeaturePresent
SetConsoleTextAttribute

user32

GetWindowLongW
DefWindowProcW
GetWindow
GetWindowRect
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
DestroyWindow
SetWindowPos
CreateWindowExW
GetSystemMetrics
UnregisterClassW
ShowWindow
IsWindow
GetAsyncKeyState
DispatchMessageW
PeekMessageW
GetForegroundWindow
MoveWindow
SetLayeredWindowAttributes
TranslateMessage
LoadIconW
SetWindowLongW
PostQuitMessage
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
SetCapture
LoadCursorW
ClientToScreen
GetCapture
GetActiveWindow
ScreenToClient

advapi32

RegCreateKeyW
RegSetKeyValueW
RegCloseKey
RegDeleteTreeW
RegOpenKeyW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

ntdll

NtQuerySystemInformation
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9Ex

mysqlcppconn-9-vs14

?_get_driver_instance_by_name@mysql@sql@@YAPEAVMySQL_Driver@12@QEBD@Z
?check@@YAXAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
?check@@YAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
wcsstr
memchr
strstr
__std_terminate
__std_exception_copy
memmove
__std_exception_destroy
memcpy

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_initterm
_initterm_e
_exit
_cexit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
exit
terminate
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
system

api-ms-win-crt-stdio-l1-1-0

ungetc
fgets
setvbuf
fgetpos
fgetc
_fseeki64
fputc
_pclose
_popen
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
__p__commode
fsetpos
__stdio_common_vsprintf_s
fseek
fclose
fflush
__acrt_iob_func
ftell
_get_stream_buffer_pointers
__stdio_common_vfprintf

api-ms-win-crt-time-l1-1-0

_mktime64
_time64
_localtime64_s
strftime
_localtime64

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
_stricmp
isprint

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wremove

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-math-l1-1-0

sinf
powf
sin
sqrtf
tanf
atan2f
ceilf
cos
cosf
floorf
pow
fmodf
__setusermatherr

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1eceeabc85690c3cdc932ba43de0ee9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

imm32

ntdll

dwmapi

d3d9

mysqlcppconn-9-vs14

wininet

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 509KB - Virtual size: 508KB

.data Size: 144KB - Virtual size: 148KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 380B

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 509KB - Virtual size: 508KB

.data
Size: 144KB - Virtual size: 148KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 380B