PDB path: C:\Users\hulk\programming\tagger\target\release\deps\Manifest.pdb
Static task
static1
General
-
Target
DownloadSetup.exe
-
Size
3.2MB
-
MD5
4048699e9404743c9dc3fb30304fe66d
-
SHA1
c162d25596f6ab9f09527aeedfceed18ea15633b
-
SHA256
bc2d5c5320085cb6d904b9c73f7b9d2a9b401ab10b6e845a0f5c693b35cd47b5
-
SHA512
be207f986924b9e651c4e19a1e56c4f3f19394074ba697e50671f63b4926812f85984bdb279527cab2f702b28e15bf9d5523b1c5cc9f54cb8e7356ca91dd16ea
-
SSDEEP
49152:akxpSrldiuaPilGlEoGV2XHDIC/QhNRKG6PZXGLdAn+CNXKi/K/LCr6:akHvPNVXp3PZXmdA+CNL/K/e
Malware Config
Signatures
-
Unsigned PE 1 IoCs
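Checks for a missing Authenticode signature; this file has none. On its own this is a weak indicator, since many legitimate programs ship unsigned, so weigh it together with the other findings.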
resource DownloadSetup.exe
Files
-
DownloadSetup.exe.exe windows:6 windows x64 arch:x64
cfb2679c589bddedda9cf540f1ef8ef7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
RtlGetVersion
NtDeviceIoControlFile
NtQuerySystemInformation
RtlVirtualUnwind
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationProcess
NtWriteFile
RtlUnwindEx
NtCancelIoFileEx
RtlPcToFileHeader
kernel32
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
GetLastError
GetFileAttributesA
LockFile
GetFileAttributesExW
OutputDebugStringW
SetHandleInformation
SetFilePointer
FlushViewOfFile
GetFullPathNameA
SetEndOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
UnlockFileEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetProcAddress
PostQueuedCompletionStatus
TryAcquireSRWLockExclusive
GetTempPathW
GetModuleHandleA
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
CreateMutexW
SetUnhandledExceptionFilter
VirtualQueryEx
ReadProcessMemory
IsProcessorFeaturePresent
GlobalMemoryStatusEx
K32GetPerformanceInfo
WaitForSingleObject
CloseHandle
CreateFileW
TerminateProcess
OpenProcess
GetFileAttributesW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSListHead
UnmapViewOfFile
HeapValidate
IsDebuggerPresent
RaiseException
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
LoadLibraryExW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExA
FormatMessageW
TlsFree
LocalFree
CreateMutexA
GetCurrentThread
SleepConditionVariableSRW
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateThread
lstrlenW
GetDiskFreeSpaceA
GetTimeZoneInformationForYear
WriteConsoleW
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetFileInformationByHandle
GetStdHandle
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
GetModuleFileNameW
user32
GetSystemMetrics
ws2_32
send
recv
ioctlsocket
connect
WSASocketW
closesocket
setsockopt
getaddrinfo
WSAGetLastError
WSAStartup
WSACleanup
getsockopt
freeaddrinfo
select
iphlpapi
GetAdaptersAddresses
pdh
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCollectQueryData
powrprof
CallNtPowerInformation
advapi32
SystemFunction036
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
psapi
GetModuleFileNameExW
GetProcessMemoryInfo
shell32
CommandLineToArgvW
SHGetKnownFolderPath
ole32
CoTaskMemFree
oleaut32
SysFreeString
SysStringLen
GetErrorInfo
bcrypt
BCryptGenRandom
api-ms-win-crt-string-l1-1-0
wcsncmp
strcpy_s
wcslen
strcmp
strlen
strcspn
strncmp
api-ms-win-crt-heap-l1-1-0
calloc
_set_new_mode
realloc
malloc
_msize
free
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_set_app_type
exit
_exit
_initterm
__p___argc
_seh_filter_exe
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
abort
_endthreadex
__p___argv
_beginthreadex
_initterm_e
api-ms-win-crt-math-l1-1-0
pow
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 2.5MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 651KB - Virtual size: 650KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ