PDB path: C:\Users\cripe\Desktop\Altre cose\C++\DOSrat 2.0\x64\Release\DOSrat 2.0.pdb
Static task
static1
General
-
Target
DOSrat 2.0.exe
-
Size
1.2MB
-
MD5
a663926a8015684c76053126615e69a5
-
SHA1
a3475a5524532307819d4cec13f592c9ac93759b
-
SHA256
d1a52fff63f91e672b23a0ce5bdd887a9b018a364b4c591e5e3ade23e5732d61
-
SHA512
c1e4dea639b288555086ef57fda53852bf10f629ea13cd78190c328226f19984d04e30844f364f8851f70dfa1ffc208852d98a26cb0a1173230a5464d3eefc39
-
SSDEEP
12288:YzPkRH/FMK6plVYmwyKhQk4dt9cD5vcFMFZupIi76KZQS9T:/HdMVplVC1hQk4z2DJKMFZuak79
Malware Config
Signatures
-
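Unsigned PE (1 IoC)
Checks for missing Authenticode signature. A missing signature is a weak indicator on its own, because many legitimate binaries are also unsigned; read it together with the imports and sections listed below.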
resource DOSrat 2.0.exe
Files
-
DOSrat 2.0.exe.exe windows:6 windows x64 arch:x64
a7dc25701fe0233a9abe4da6bb87b2ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
DeleteCriticalSection
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
SleepEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
SetLastError
AcquireSRWLockExclusive
SetConsoleCursorPosition
CreateDirectoryA
SetConsoleOutputCP
GetConsoleWindow
CloseHandle
CreateFileA
SetConsoleCursorInfo
GetFileAttributesA
GetLastError
Sleep
GetACP
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FindClose
GetConsoleCursorInfo
GetStdHandle
SetConsoleScreenBufferSize
GetFullPathNameW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FindFirstFileExW
GetFileSizeEx
GetModuleFileNameA
ReleaseSRWLockExclusive
user32
GetWindowRect
GetSystemMetrics
MessageBoxA
GetForegroundWindow
SetForegroundWindow
MoveWindow
comdlg32
GetOpenFileNameA
shell32
ExtractIconA
ShellExecuteA
Shell_NotifyIconA
msvcp140
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@AEAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
ws2_32
getsockname
WSAWaitForMultipleEvents
getsockopt
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
ntohs
WSASetLastError
WSACloseEvent
WSAGetLastError
setsockopt
WSAIoctl
ioctlsocket
htons
inet_ntop
recv
socket
send
getpeername
WSAStartup
listen
select
gethostname
bind
htonl
accept
connect
__WSAFDIsSet
WSACleanup
sendto
getaddrinfo
freeaddrinfo
recvfrom
closesocket
normaliz
IdnToAscii
wldap32
ord211
ord217
ord143
ord45
ord27
ord46
ord50
ord301
ord200
ord41
ord22
ord26
ord60
ord30
ord79
ord32
ord33
ord35
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertFreeCertificateContext
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_copy
memchr
_CxxThrowException
memcmp
strstr
memmove
strrchr
__current_exception
strchr
memset
memcpy
__std_terminate
__C_specific_handler
__std_exception_destroy
__current_exception_context
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_errno
_set_errno
__sys_errlist
_invalid_parameter_noinfo_noreturn
_getpid
_beginthreadex
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
exit
__p___argv
__p___argc
_seh_filter_exe
system
terminate
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
__sys_nerr
api-ms-win-crt-stdio-l1-1-0
fgetc
ungetc
fflush
__p__commode
fclose
setvbuf
_write
_read
fputc
fread
_fseeki64
fgetpos
_lseeki64
_close
fgets
_open
fopen
_get_stream_buffer_pointers
fsetpos
ftell
fseek
feof
__stdio_common_vsprintf
_set_fmode
__acrt_iob_func
__stdio_common_vsscanf
fputs
fwrite
api-ms-win-crt-heap-l1-1-0
free
malloc
_set_new_mode
realloc
calloc
_callnewh
api-ms-win-crt-utility-l1-1-0
rand
srand
qsort
api-ms-win-crt-math-l1-1-0
_dsign
__setusermatherr
_fdopen
_dclass
api-ms-win-crt-time-l1-1-0
strftime
_gmtime64
_localtime64_s
_time64
api-ms-win-crt-convert-l1-1-0
strtol
strtoul
strtoull
wcstombs
strtod
atoi
mbstowcs_s
strtoll
api-ms-win-crt-filesystem-l1-1-0
_stat64
_access
_chdir
_fstat64
_lock_file
_unlock_file
_unlink
remove
api-ms-win-crt-conio-l1-1-0
_getch
api-ms-win-crt-string-l1-1-0
strncpy
strcmp
tolower
strspn
strpbrk
strncmp
isupper
_strdup
strcspn
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
advapi32
CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
Sections
.text Size: 631KB - Virtual size: 630KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 441KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 373KB - Virtual size: 373KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ