618b8c8076006d9ed23b18e72106afee93f82fdd29713edfc2d6e60573efb1b1[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

618b8c8076006d9ed23b18e72106afee93f82fdd29713edfc2d6e60573efb1b1.exe
Size

182KB
MD5

05fec9d74799434c4fb446a614256e80
SHA1

a0c68be021fddaa9c781550fb9c0b43e318378b7
SHA256

618b8c8076006d9ed23b18e72106afee93f82fdd29713edfc2d6e60573efb1b1
SHA512

36ee9a4a2caacbb5790e52363f5d52d9ed26071e408efc838e8e321b3fe7b407cb0a24ae425c37f3366f13a35cc5ee5de594921efdd3c2211320f6ecc6c7d53c
SSDEEP

3072:208YIvwTym/FQTD5jUSieoexwfmeqKsir9qnr91fvz:p8YIvwpQD5jEPUKsiGr91f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
618b8c8076006d9ed23b18e72106afee93f82fdd29713edfc2d6e60573efb1b1.exe

Files

618b8c8076006d9ed23b18e72106afee93f82fdd29713edfc2d6e60573efb1b1.exe
.dll windows:6 windows x64 arch:x64

238b0079cf322325436f80f2dd63a8bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\ZLUDA\ZLUDA\target\release\deps\zluda_redirect.pdb

Imports

advapi32

CreateProcessWithTokenW
CreateProcessWithLogonW
CreateProcessAsUserW

kernel32

ResumeThread
CloseHandle
GetProcAddress
GetModuleHandleA
GetModuleHandleW
FindResourceW
LoadResource
TerminateProcess
GetModuleFileNameW
GetSystemDirectoryA
CreateToolhelp32Snapshot
GetCurrentThreadId
GetCurrentProcessId
Thread32First
OpenThread
SuspendThread
Thread32Next
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
CreateProcessA
CreateProcessW
GetLastError
GetCurrentProcess
GetCurrentThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
GetEnvironmentVariableW
SetLastError
WaitForSingleObject
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
IsWow64Process
MultiByteToWideChar
ReleaseSRWLockExclusive
QueryPerformanceCounter
AcquireSRWLockExclusive
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentDirectoryW
GetStdHandle
HeapFree
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
GetProcessHeap
HeapAlloc
GetConsoleMode
WriteConsoleW
GetSystemTimeAsFileTime
WaitForSingleObjectEx
CreateMutexA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent

ntdll

RtlNtStatusToDosError
NtWriteFile

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
_CxxThrowException
memcmp
__C_specific_handler
memcpy
memset
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_cexit
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Exports

Exports

DllMain
ZLUDA_REDIRECT
ZludaGetProcAddress_NoRedirect
ZludaLoadLibraryW_NoRedirect

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

238b0079cf322325436f80f2dd63a8bf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 4KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 4KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 1KB