SmurfWrecker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SmurfWrecker.exe
Size

2.0MB
MD5

06402af199a852b43b0daf2242c26353
SHA1

533967c3ec38a790f52f43cbd5c0d8c7162eb9c5
SHA256

e1c2f61e68506a7fbb98c67a08d9d6e75ac6343f8c2d8579b33735b22a77f7e0
SHA512

e04ee9d5ea2fd9475fdc7e771d9d630ef3a24b69eae438651468bc24793fd154a7857c7212570eb08b47515845e97e36353a91ae37d57b3452842f49e3c46437
SSDEEP

49152:wpyO933hjs8t32gR3wt32gR3XTJt32gR36x2eL3zYAsvVgiu1W/KaTAqc48S9Vw7:cJr3lw3lXTP3lJW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SmurfWrecker.exe

Files

SmurfWrecker.exe
.exe windows:6 windows x64 arch:x64

517abe0e59ef21564817ec27dffb3767

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\JJ Skarzynski\Desktop\GitHub Repositories\Smurf CS 2\smurfwreckerv3\x64\Release\SmurfWrecker.pdb

Imports

msvcp140

?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??Bios_base@std@@QEBA_NXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
calloc
realloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
abort
_crt_at_quick_exit
_errno
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
exit
_cexit
__sys_errlist
__sys_nerr
_beginthreadex
_seh_filter_dll

vcruntime140

__FrameUnwindFilter
memcpy
__CxxRegisterExceptionObject
__std_exception_copy
memmove
__CxxExceptionFilter
__C_specific_handler
__current_exception
__current_exception_context
memset
__CxxUnregisterExceptionObject
__std_exception_destroy
strrchr
strchr
memcmp
strstr
memchr
__CxxDetectRethrow
_CxxThrowException
__CxxQueryExceptionSize

kernel32

TerminateProcess
GetCurrentProcess
GetFileSizeEx
InitializeCriticalSectionEx
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
EnterCriticalSection
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32NextW
CloseHandle
OpenProcess
Module32NextW
WideCharToMultiByte
ReadProcessMemory
WriteProcessMemory
Sleep
VirtualQueryEx
GetSystemInfo
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetLastError
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceCounter
CreateFileA
GetCurrentProcessId
DeleteCriticalSection

user32

GetAsyncKeyState

shell32

ShellExecuteW
SHGetSpecialFolderPathW

normaliz

IdnToAscii

ws2_32

gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
recv
listen
htonl
getsockname
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
setsockopt
connect
WSAIoctl
htons
socket
bind
__WSAFDIsSet
select
accept

wldap32

ord30
ord200
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord301

crypt32

CertAddCertificateContextToStore
CertFindExtension
CertEnumCertificatesInStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertOpenStore
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain

api-ms-win-crt-math-l1-1-0

_fdopen
atan2f
logf

api-ms-win-crt-stdio-l1-1-0

_lseeki64
fread
_open
fopen
fgetc
ungetc
__stdio_common_vsscanf
_read
ftell
_write
feof
fputc
_fileno
fputs
_close
fclose
fseek
__acrt_iob_func
fwrite
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fgets
_get_stream_buffer_pointers
__stdio_common_vsprintf

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
wcstombs
strtoll
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_access
_lock_file
_unlink
_fstat64
_stat64

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
strspn
strncpy
strpbrk
strcmp
strcspn

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

strftime
_time64
_gmtime64

bcrypt

BCryptGenRandom

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext

mscoree

_CorExeMain

Sections

.text
Size: 667KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

517abe0e59ef21564817ec27dffb3767

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

vcruntime140

kernel32

user32

shell32

normaliz

ws2_32

wldap32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

bcrypt

advapi32

mscoree

Sections

.text Size: 667KB - Virtual size: 667KB

.nep Size: 11KB - Virtual size: 10KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 16KB - Virtual size: 2.1MB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 667KB - Virtual size: 667KB

.nep
Size: 11KB - Virtual size: 10KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 16KB - Virtual size: 2.1MB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB