H:\multiloader\bin\Release\inj.pdb
Static task
static1
1 signatures
General
-
Target
TH291CGHDY3b.exe
-
Size
6.8MB
-
MD5
258982772104336dd7dc9a1450ce29dd
-
SHA1
ae57294ec0a08cb39817ff9f4d77dc25faeb53ba
-
SHA256
d0e3b88bf2b3fc1b5a899866c57440d3c853658d9723ea7f80cf62c0c3f3395f
-
SHA512
9137aa66fb4b6e86194d239f199d92e572573fb9e7a53484b50465ce7b7911895bd18370e66f0ec15fdb2968834f3e34e1c6e411c93911815dbc8c0afc3b9f0c
-
SSDEEP
196608:Z3qD1hus3Ajd0szh1hHUpH/729ensfbQ3:Zihojd0s9U+2sfs3
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource TH291CGHDY3b.exe
Files
-
TH291CGHDY3b.exe.exe windows:6 windows x64 arch:x64
5e2a014816675b22eb6b91f64ea63d4b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
SetPriorityClass
GetCurrentProcess
GetShortPathNameW
TerminateProcess
SetThreadPriority
GetEnvironmentVariableW
OpenProcess
MultiByteToWideChar
GetCurrentThread
lstrcatW
lstrcpyW
DeleteFileW
GetFileAttributesW
FindClose
RtlUnwind
SystemTimeToFileTime
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
GetTempPathW
FindNextFileW
FindFirstFileW
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlAddFunctionTable
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileA
WriteConsoleW
HeapSize
SetEndOfFile
SetStdHandle
VirtualAlloc
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
ReadFile
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
VirtualProtect
CloseHandle
WideCharToMultiByte
GetUserDefaultLocaleName
CopyFileW
Sleep
SetFileAttributesW
GetModuleFileNameW
GetCommandLineW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
FormatMessageA
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetLastError
GetModuleHandleW
MoveFileExW
GetFileInformationByHandleEx
QueryPerformanceCounter
QueryPerformanceFrequency
WakeAllConditionVariable
SleepConditionVariableSRW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
VerSetConditionMask
VerifyVersionInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetWindowsDirectoryW
SleepEx
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
GetTickCount
CompareFileTime
GetEnvironmentVariableA
SetLastError
FormatMessageW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
user32
CreateWindowExW
SendMessageTimeoutW
GetWindowRect
GetWindowThreadProcessId
SetWindowPos
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
SystemParametersInfoW
ReleaseCapture
MapVirtualKeyW
SetCapture
GetCapture
ShowWindow
GetDC
MonitorFromWindow
ScreenToClient
GetCursorPos
SetCursorPos
ClientToScreen
GetKeyState
GetClientRect
SetCursor
FindWindowW
LoadImageW
UpdateWindow
GetUserObjectInformationW
GetProcessWindowStation
SetProcessDPIAware
GetDesktopWindow
SetWindowLongW
LoadCursorW
UnregisterClassW
TranslateMessage
DispatchMessageW
PostQuitMessage
PeekMessageW
RegisterClassW
ReleaseDC
PostMessageW
DefWindowProcW
MessageBoxA
MessageBoxW
SetLayeredWindowAttributes
shell32
SHChangeNotify
ShellExecuteExW
ShellExecuteA
ShellExecuteW
CommandLineToArgvW
ole32
CoCreateInstance
CoInitialize
CoUninitialize
d3d9
Direct3DCreate9
d3dx9_43
D3DXCreateTextureFromFileInMemoryEx
D3DXMatrixTranspose
ws2_32
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
inet_pton
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
getnameinfo
listen
getaddrinfo
freeaddrinfo
ioctlsocket
gethostname
shutdown
crypt32
CertCloseStore
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertGetIntendedKeyUsage
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
gdi32
GetDeviceCaps
advapi32
ReportEventW
DeregisterEventSource
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegisterEventSourceW
bcrypt
BCryptGenRandom
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 900KB - Virtual size: 900KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.3MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ