76ecf55bf3fcf8637a0bf3d03c8db796e980e7bccd980a1cd621710f9a8dcdc8

Sharing

Copy URL

Twitter E-mail

General

Target

76ecf55bf3fcf8637a0bf3d03c8db796e980e7bccd980a1cd621710f9a8dcdc8
Size

8.8MB
MD5

9942bb1878603b8dc7d156237e1acad1
SHA1

380caf902f3a867736948a60150048b14b0ac326
SHA256

76ecf55bf3fcf8637a0bf3d03c8db796e980e7bccd980a1cd621710f9a8dcdc8
SHA512

9402ef3ade67441d3c2f08ff76d1e4d1cd0f89b77bc7d2c9983d6aea3490353d00deceea6787eb1a5263e1fb492a03671ec55ce17937d18fab0a3fdc2e5494b3
SSDEEP

98304:9uCIb+VHJ2cK2l8bYYlQwXm5dKMH9LFjnxymZbROZn:9McK2lPTwW5dKMRymZy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
76ecf55bf3fcf8637a0bf3d03c8db796e980e7bccd980a1cd621710f9a8dcdc8

Files

76ecf55bf3fcf8637a0bf3d03c8db796e980e7bccd980a1cd621710f9a8dcdc8
.exe windows:6 windows x64 arch:x64

d098073832052605671a77201ba502d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\Intermediate\vctools\llvm-symbolizer.nativeproj__1535137144\objr\amd64\bin\llvm-symbolizer.pdb

Imports

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegOpenKeyExA
RegGetValueW
RegOpenKeyExW
RegQueryValueExW

kernel32

GetStdHandle
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExA
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetVolumePathNameW
ReadFile
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
CloseHandle
DuplicateHandle
GetLastError
SetLastError
Sleep
GetCurrentProcess
GetSystemInfo
GetSystemTime
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
MoveFileExW
CreateHardLinkW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
FindFirstFileW
GetLongPathNameW
SetErrorMode
GetProcessTimes
GetCurrentProcessId
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetModuleHandleW
GetProcAddress
GetFileType
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureContext
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
GetCurrentThreadId
LoadLibraryW
SetConsoleCtrlHandler
SearchPathW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LocalFree
FormatMessageA
K32GetProcessMemoryInfo
RaiseException
SetThreadPriority
GetLogicalProcessorInformationEx
GetThreadGroupAffinity
SetThreadGroupAffinity
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualProtect
FreeLibrary
LoadLibraryExA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitOnceComplete
InitOnceBeginInitialize
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
SetEvent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
DecodePointer
InitializeCriticalSectionEx
WriteConsoleW
GetConsoleMode
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
OutputDebugStringW
LoadLibraryExW

msvcp140

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Query_perf_frequency
_Query_perf_counter
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Xtime_get_ticks
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

vcruntime140

memset
__std_exception_copy
__C_specific_handler
longjmp
memmove
memcpy
__std_exception_destroy
_CxxThrowException
__std_type_info_compare
__std_type_info_destroy_list
__current_exception_context
memchr
__current_exception
_purecall
memcmp
strchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

signal
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_set_error_mode
_exit
_initterm_e
_set_abort_behavior
_get_initial_narrow_environment
abort
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invoke_watson
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_beginthreadex
exit
terminate
_initterm
_errno

api-ms-win-crt-heap-l1-1-0

malloc
_recalloc
calloc
realloc
_heapwalk
free
_set_new_mode
_callnewh

api-ms-win-crt-stdio-l1-1-0

_fileno
_setmode
__acrt_iob_func
_set_fmode
fgets
_write
_lseek
_close
_read
__stdio_common_vsprintf
__p__commode
fflush
__stdio_common_vfprintf
_get_osfhandle
_lseeki64
_open_osfhandle
_chsize_s

api-ms-win-crt-string-l1-1-0

isalnum
isxdigit
toupper
strncmp
isalpha
tolower
islower
strspn
strcspn
isdigit
isupper

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-convert-l1-1-0

atoi
strtod
strtoll
strtof

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

modf
ceil
_fpclass
ceilf
__setusermatherr
_dclass
round
sqrt
log10

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

UnregisterClassW

oleaut32

SysFreeString
SysStringByteLen
SysAllocString
VarBstrCmp
SysAllocStringLen

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 813B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 628KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d098073832052605671a77201ba502d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

oleaut32

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 85KB - Virtual size: 111KB

.pdata Size: 296KB - Virtual size: 296KB

.idata Size: 16KB - Virtual size: 16KB

.didat Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 813B

.00cfg Size: 512B - Virtual size: 337B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 628KB - Virtual size: 632KB

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 85KB - Virtual size: 111KB

.pdata
Size: 296KB - Virtual size: 296KB

.idata
Size: 16KB - Virtual size: 16KB

.didat
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 813B

.00cfg
Size: 512B - Virtual size: 337B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 628KB - Virtual size: 632KB