68d4a688d2a8e38f6b8841cbd714daa0ccf150a4f1e98bcbd78f1c129f5a98f5

Sharing

Copy URL Twitter E-mail

General

Target

68d4a688d2a8e38f6b8841cbd714daa0ccf150a4f1e98bcbd78f1c129f5a98f5
Size

5.0MB
MD5

35ff97e7788632c9dfb354e1d1d2a3d7
SHA1

20c978a5a3313c4d0b112608f60e097afcece6d2
SHA256

68d4a688d2a8e38f6b8841cbd714daa0ccf150a4f1e98bcbd78f1c129f5a98f5
SHA512

a94fa6cbebab88a25c213e1172bd6c34cab57b3b2cd11bd45e907149761f7e7f52425b5ddd25bf28cde9bb50701eb6a648d819d28b49cb9682d71496553a563e
SSDEEP

49152:IGtlqiaIU6iKVwASOJ9EeVUHsv1dQ+ohdF648BtTyOQLCtdbK8veSMzZ/pqwpPwQ:N+o7MN8BtTyTdLZ/twy30MX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68d4a688d2a8e38f6b8841cbd714daa0ccf150a4f1e98bcbd78f1c129f5a98f5

Files

68d4a688d2a8e38f6b8841cbd714daa0ccf150a4f1e98bcbd78f1c129f5a98f5
.exe windows:6 windows x64 arch:x64

035b04c9f64f6eef438073bbdf479dc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Arweix\Projects\VS\ArcadeLoader\x64\Release\ArcadeLoader.pdb

Imports

vmprotectsdk64

VMProtectIsProtected
VMProtectBegin

advapi32

CryptDestroyKey
CryptEnumProvidersW
CryptSignHashW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptGenRandom
CryptDecrypt
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey

user32

MessageBoxW
ShowWindow
wsprintfA
GetProcessWindowStation
GetUserObjectInformationW

ws2_32

sendto
recvfrom
WSASetLastError
WSACleanup
__WSAFDIsSet
closesocket
select
shutdown
WSASocketW
getservbyname
getaddrinfo
WSAStartup
getpeername
htons
send
socket
ntohs
connect
recv
getsockopt
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
htonl
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getsockname
getservbyport
inet_pton

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertFreeCertificateContext

wininet

InternetCloseHandle
InternetOpenA
DeleteUrlCacheEntry
InternetOpenUrlA
InternetReadFile

kernel32

GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
DeleteFileW
CreateProcessW
GetExitCodeProcess
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
SetEndOfFile
ReadConsoleInputW
FormatMessageA
GetDriveTypeW
GetConsoleCP
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
Sleep
GetSystemTime
WriteFile
CreateFileA
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
GetVolumeInformationA
LoadLibraryA
GetSystemInfo
GetProcAddress
GlobalMemoryStatusEx
GetConsoleWindow
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
ReadFile
SetFileTime
SetFilePointer
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
SystemTimeToFileTime
CreateDirectoryA
GetFileInformationByHandle
FileTimeToSystemTime
SetLastError
GetLastError
GetCurrentProcessId
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetModuleHandleExW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryA
FreeLibrary
RtlUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetEnvironmentVariableW
GetACP
GetFileType
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiberEx
GetSystemTimeAsFileTime
RtlVirtualUnwind
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
TryAcquireSRWLockExclusive
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
LCMapStringEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 983KB - Virtual size: 982KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

035b04c9f64f6eef438073bbdf479dc8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vmprotectsdk64

advapi32

user32

ws2_32

crypt32

wininet

kernel32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 983KB - Virtual size: 982KB

.data Size: 49KB - Virtual size: 70KB

.pdata Size: 150KB - Virtual size: 149KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 656B

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 983KB - Virtual size: 982KB

.data
Size: 49KB - Virtual size: 70KB

.pdata
Size: 150KB - Virtual size: 149KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 656B

.reloc
Size: 45KB - Virtual size: 44KB