547c3a00c7b99069ec3a32fc2d4dd73065e91389e728eda58b6b6a39cf7daabc

Sharing

Copy URL

Twitter E-mail

General

Target

547c3a00c7b99069ec3a32fc2d4dd73065e91389e728eda58b6b6a39cf7daabc
Size

2.7MB
MD5

70efe941c26f1cf4be6dcdb24287ac42
SHA1

e5995d4eb7dcde87119e03f7dcb342ceb5344cab
SHA256

547c3a00c7b99069ec3a32fc2d4dd73065e91389e728eda58b6b6a39cf7daabc
SHA512

908faa0ee7649949aa97a26a90d5ed5964d1edd66be9cad31ae2b50e5264fcc6ea8677878d32047fa3f1e61d58a4263f9d3f852f0a01252049c09d16df7639e7
SSDEEP

49152:NdmPRMfXuDKtxR1Mf3Doz5UqMD1aj4EZ2N/HLYY3F1EjhMjSax84:XdVIf0EuY3F1QWdO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
547c3a00c7b99069ec3a32fc2d4dd73065e91389e728eda58b6b6a39cf7daabc

Files

547c3a00c7b99069ec3a32fc2d4dd73065e91389e728eda58b6b6a39cf7daabc
.exe windows:6 windows x64 arch:x64

c45bd89bca4ea5ffcaae77a8592b0fb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\link.pdb

Imports

advapi32

EventWrite
EventRegister
EventUnregister
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

kernel32

FlushFileBuffers
CloseHandle
GetFileSize
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
LoadLibraryW
GetProcAddress
GetCurrentProcess
CreateFileMappingW
MapViewOfFileEx
SetFilePointer
DeleteFileW
GetTempPathW
GetFileInformationByHandle
WideCharToMultiByte
GetFullPathNameW
GetACP
lstrcmpiW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
VirtualFree
FreeLibrary
SwitchToThread
FormatMessageW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSListHead
InterlockedFlushSList
CreateThread
ResumeThread
WaitForSingleObject
ReadFile
InterlockedPopEntrySList
InterlockedPushEntrySList
CopyFileW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryExW
GetEnvironmentVariableW
GetModuleHandleW
EncodePointer
DecodePointer
HeapAlloc
GetProcessHeap
HeapFree
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
VirtualQuery
GetSystemInfo
GetEnvironmentStringsW
SetProcessWorkingSetSize
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetFileTime
RaiseFailFastException
SetErrorMode
SetConsoleCtrlHandler
GetCurrentDirectoryW
FreeEnvironmentStringsW
VirtualAlloc
SuspendThread
GetThreadContext
GetCPInfo
MultiByteToWideChar
GetFileType
GetConsoleMode
GetConsoleOutputCP
MapViewOfFile
GetConsoleScreenBufferInfo
SearchPathW
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
CreateEventW
GetTickCount64
GetDriveTypeW
GetLastError
MoveFileExW
WriteFile
SetFilePointerEx
Sleep
GetFileSizeEx
ExitProcess
LoadResource
FindResourceExW
CreateFileW
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetFileTime
LoadLibraryExA
GetSystemTime
CreateFileMappingA
SystemTimeToFileTime
RaiseException
DebugBreak
GetFileInformationByHandleEx
AreFileApisANSI
IsDBCSLeadByte
LocalFree
SetLastError
FormatMessageA
GetFileAttributesExW
TlsFree
TlsGetValue
SleepEx
CreateSemaphoreW
HeapDestroy
TlsAlloc
HeapValidate
InitializeCriticalSection
ReleaseSemaphore
VirtualProtect
TlsSetValue
HeapCreate
LCMapStringEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
_CxxThrowException
memset
memchr
memcmp
memmove
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception_context
strchr
strstr
strrchr
_purecall
wcschr
__unDName
__unDNameEx
__C_specific_handler
wcsrchr
wcsstr
__current_exception

api-ms-win-crt-string-l1-1-0

strncmp
wcstok_s
iswspace
iswprint
_wcsnicmp
_stricmp
wcsnlen
iswdigit
wcsncmp
_wcsupr_s
_strnicmp
wcsncat_s
wcscspn
wcscat_s
wcsncpy_s
isprint
strncat_s
towlower
wcscmp
strncpy
isalnum
toupper
wcsncpy
wcspbrk
isxdigit
strcat_s
strcpy_s
strncpy_s
strcmp
_wcsicmp
iswascii
strlen
wcscpy_s
isdigit

api-ms-win-crt-stdio-l1-1-0

fputws
fputwc
fputs
__stdio_common_vswprintf
_wfdopen
_open_osfhandle
__stdio_common_vswprintf_s
setvbuf
getwchar
__p__commode
__stdio_common_vsprintf_s
__stdio_common_vswscanf
__acrt_iob_func
__stdio_common_vfprintf
fopen
ftell
fseek
fwrite
fclose
_wfsopen
fread
_set_fmode
fflush
__stdio_common_vsnprintf_s
__stdio_common_vfwprintf
__stdio_common_vsscanf
_isatty
fgetws
__stdio_common_vsnwprintf_s
_fileno
_filelength
_get_osfhandle

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_get_errno
__doserrno
_invalid_parameter_noinfo
_get_wpgmptr
_crt_atexit
_register_onexit_function
_set_new_handler
_errno
exit
terminate
_initialize_onexit_table
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
__p__wpgmptr
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_set_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

wcstol
atoi
_ultow_s
atol
_ui64tow_s
_itoa_s
_wtoi64
wcstoul
_wcstoui64
_ultoa_s
strtoul
_itow_s

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wfullpath
_waccess
_wmakepath_s
_wremove
_wstat64
_wstat64i32

api-ms-win-crt-time-l1-1-0

_tzset
_wctime64
_time64
clock

api-ms-win-crt-environment-l1-1-0

_wgetcwd
_wdupenv_s
_wsearchenv_s
getenv
_wgetenv_s
_wputenv_s

api-ms-win-crt-utility-l1-1-0

qsort
qsort_s
bsearch

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
calloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
setlocale

api-ms-win-crt-conio-l1-1-0

_cputs
_putwch
__conio_common_vcprintf
__conio_common_vcwprintf
_cputws

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

psapi

GetProcessMemoryInfo

msvcp140

?_Xbad_alloc@std@@YAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEBA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Xtime_get_ticks
_Mtx_current_owns
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_unregister_at_thread_exit
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Thrd_hardware_concurrency
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
_Cnd_init_in_situ
?_Winerror_map@std@@YAHH@Z
_Cnd_wait
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
_Cnd_register_at_thread_exit
_Cnd_broadcast
_Cnd_signal
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_destroy_in_situ

tbbmalloc

scalable_malloc
scalable_realloc
scalable_free

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c45bd89bca4ea5ffcaae77a8592b0fb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-math-l1-1-0

psapi

msvcp140

tbbmalloc

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 345KB - Virtual size: 345KB

.data Size: 11KB - Virtual size: 87KB

.pdata Size: 77KB - Virtual size: 76KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 345KB - Virtual size: 345KB

.data
Size: 11KB - Virtual size: 87KB

.pdata
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 572KB - Virtual size: 576KB