ea53bc3ee61447fea3c5616617ebf5f927d5abfbcdad0d55c2e3aeb865ecbfd8

Sharing

Copy URL

Twitter E-mail

General

Target

ea53bc3ee61447fea3c5616617ebf5f927d5abfbcdad0d55c2e3aeb865ecbfd8
Size

883KB
MD5

9f594848b75391974f6ad6d598447596
SHA1

4f44752c43115691a6ff01de657f5e7fd8f0381d
SHA256

ea53bc3ee61447fea3c5616617ebf5f927d5abfbcdad0d55c2e3aeb865ecbfd8
SHA512

c1a9c261f0cf45789e4c418dbe1fa0dbcab00ec965705295ba508000a17aee1b15a44056e2e748a9b6dd62890dc8e247758f06b416f8d652caf4f0b0ddcdf37c
SSDEEP

12288:rZalDupDV5h1JkNNb/6JvY67VMBNO/aXpXI22+VufvdIOKek1h4TA8bXQJYe:rk2Lhf0r6J17W8CX32+KJNA80T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea53bc3ee61447fea3c5616617ebf5f927d5abfbcdad0d55c2e3aeb865ecbfd8

Files

ea53bc3ee61447fea3c5616617ebf5f927d5abfbcdad0d55c2e3aeb865ecbfd8
.exe windows:6 windows x86 arch:x86

d60c05482c2e2e57ef9850a51da9e644

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\\binaries\x86ret\bin\x86_amd64\cl.x86_amd64.pdb

Imports

advapi32

CryptGenRandom
EventRegister
CryptAcquireContextW
EventWrite
CryptReleaseContext
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

kernel32

ReadFile
FindFirstFileW
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
SetEnvironmentVariableW
SetErrorMode
GetEnvironmentVariableW
InitializeCriticalSectionEx
FindClose
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
FreeEnvironmentStringsW
GetLastError
DeleteFileW
CloseHandle
RaiseException
GetSystemInfo
LoadLibraryW
GetCurrentDirectoryW
SwitchToThread
DecodePointer
GetProcAddress
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
GetEnvironmentStringsW
VirtualQuery
LoadLibraryExW
GetFullPathNameW
GetTempPathW
GetDiskFreeSpaceExW
SetConsoleCtrlHandler
SearchPathW
GetConsoleScreenBufferInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenEventW
SetEvent
CreateProcessW
GetExitCodeProcess
GetConsoleOutputCP
WriteFile
GetACP
GetConsoleMode
QueryPerformanceFrequency
LoadResource
FindResourceW
WideCharToMultiByte
GetFileType
QueryPerformanceCounter
VirtualFree
VirtualAlloc
UnmapViewOfFile
MapViewOfFileEx
GetStartupInfoW
GetStdHandle
WaitForMultipleObjects
SetThreadPriority
CreatePipe
CreateMutexW
DuplicateHandle
Sleep
CreateThread
GetCurrentProcessId
HeapFree
FindNextFileW
GetUserDefaultUILanguage
EncodePointer
HeapAlloc
GetProcessHeap
CreateEventW
GetTickCount64
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
LocalFree
FormatMessageA
GetFileAttributesExW
LoadLibraryExA
VirtualProtect
AreFileApisANSI
OutputDebugStringW
GetFileInformationByHandleEx
UnhandledExceptionFilter

vcruntime140

wcschr
__std_exception_destroy
__current_exception_context
memset
__current_exception
memmove
__std_exception_copy
_except_handler4_common
wcsrchr
memcpy
__CxxFrameHandler3
_CxxThrowException
wcsstr

api-ms-win-crt-string-l1-1-0

_wcsupr_s
wcsspn
_wcslwr_s
towlower
wcspbrk
wcsncpy_s
wcscat_s
wcscpy_s
iswdigit
wcsncat_s
wcsnlen
iswspace
_wcsdup
_wcsicmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

__doserrno
_get_wpgmptr
exit
__p__wpgmptr
_wsystem
_get_initial_wide_environment
_errno
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_seh_filter_exe
_exit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_configure_wide_argv
_set_app_type

api-ms-win-crt-filesystem-l1-1-0

_wfullpath
_wstat64i32
_wunlink
_wsplitpath_s
_wmakepath_s
_waccess_s
_wremove

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
setlocale

api-ms-win-crt-stdio-l1-1-0

fflush
puts
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
__stdio_common_vfprintf
__p__commode
__acrt_iob_func
__stdio_common_vswscanf
_isatty
fputws
_get_osfhandle
getwchar
_dup2
_flushall
_set_fmode
fgetws
_fileno
_setmode
__stdio_common_vswprintf_s
fclose
_wfopen_s
__stdio_common_vfwprintf_s
feof
fopen
_write
_wfsopen

api-ms-win-crt-convert-l1-1-0

wcstoul
_itow_s
_wtoi
wcstol

api-ms-win-crt-environment-l1-1-0

getenv
_wgetcwd
_wdupenv_s
_wgetenv_s
_wputenv_s

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
calloc
realloc
malloc

api-ms-win-crt-process-l1-1-0

_wspawnv

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-conio-l1-1-0

_cputws

api-ms-win-crt-time-l1-1-0

_ftime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

ole32

StringFromGUID2
CoCreateGuid

msvcp140

?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$ctype@G@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?_Xlength_error@std@@YAXPBD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?width@ios_base@std@@QAE_J_J@Z
??Bid@locale@std@@QAEIXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
?width@ios_base@std@@QBE_JXZ

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d60c05482c2e2e57ef9850a51da9e644

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-process-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

ole32

msvcp140

Sections

.text Size: 283KB - Virtual size: 283KB

.data Size: 7KB - Virtual size: 23KB

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 283KB - Virtual size: 283KB

.data
Size: 7KB - Virtual size: 23KB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 580KB - Virtual size: 584KB