Simple Mod Framework-200-2-32-3-1696317216[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Simple Mod Framework-200-2-32-3-1696317216.exe
Size

9.4MB
MD5

540e7d63573dee5be6f4d58991b13a3b
SHA1

9c778708b86a38251d4125b858532295007f035a
SHA256

6dacabb147f7bffeec4a878de8279b37dda5d266eba7740ebd940768d6fba07e
SHA512

f2173ec29efa94c88e23725f2cdff98591f83fb702feefa67c192569a3630900a4c790369c51308d96d2821e49629400cddf76b6a70e8d38d39e2d4d47934f84
SSDEEP

98304:GZ9wyZRg55XmSV7fGSnYmKZH+udabKA+:uzgGS8qYmKN1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Simple Mod Framework-200-2-32-3-1696317216.exe

Files

Simple Mod Framework-200-2-32-3-1696317216.exe
.exe windows:6 windows x64 arch:x64

c56899484db32734788e0d5b0c23f816

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\User\Documents\Github\simple-mod-framework-installer\target\release\deps\simple_mod_framework_installer.pdb

Imports

ntdll

NtWriteFile
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlVirtualUnwind

kernel32

ReleaseSRWLockShared
ReleaseMutex
lstrlenW
FreeLibrary
GetProcAddress
AcquireSRWLockShared
LoadLibraryA
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapAlloc
IsDebuggerPresent
FindClose
FormatMessageW
CompareStringOrdinal
AddVectoredExceptionHandler
HeapFree
GetProcessHeap
SwitchToThread
SetHandleInformation
GetLastError
GetCurrentProcessId
GetCurrentThreadId
SetFileCompletionNotificationModes
FreeEnvironmentStringsW
GetSystemInfo
GetCurrentThread
GetEnvironmentStringsW
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
GetOverlappedResult
ReadFile
LoadLibraryW
CreateThread
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
SetThreadErrorMode
WriteConsoleW
GetFileAttributesW
Sleep
CreateProcessW
GetWindowsDirectoryW
GlobalLock
GlobalSize
GlobalUnlock
GetSystemDirectoryW
WaitForMultipleObjects
CreateNamedPipeW
GlobalAlloc
GetFullPathNameW
GlobalFree
MultiByteToWideChar
ExitProcess
GetConsoleMode
CancelIo
CreateEventW
GetEnvironmentVariableW
GetFinalPathNameByHandleW
DeviceIoControl
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetFileInformationByHandle
CreateFileW
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
PostQueuedCompletionStatus
QueryPerformanceFrequency
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetThreadStackGuarantee
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
GetExitCodeProcess
ReadFileEx
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
DuplicateHandle
SetLastError
GetCurrentProcess
GetModuleHandleA
GetCurrentDirectoryW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SystemFunction036

ws2_32

setsockopt
WSASend
send
WSARecv
recv
shutdown
getsockopt
getpeername
getsockname
accept
listen
ioctlsocket
connect
bind
WSASocketW
WSADuplicateSocketW
WSAGetLastError
WSAIoctl
WSACleanup
select
getaddrinfo
WSAStartup
closesocket
freeaddrinfo

secur32

FreeCredentialsHandle
QueryContextAttributesW
DecryptMessage
AcquireCredentialsHandleA
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
ApplyControlToken
DeleteSecurityContext
EncryptMessage

crypt32

CertFreeCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertGetCertificateChain
CertDuplicateCertificateChain

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
RegisterDragDrop
OleInitialize
RevokeDragDrop

shell32

DragFinish
SHCreateItemFromParsingName
SHGetKnownFolderPath
ShellExecuteW
DragQueryFileW

user32

RegisterWindowMessageA
GetRawInputData
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
MsgWaitForMultipleObjectsEx
GetClassInfoExW
GetClassNameW
ClientToScreen
DestroyIcon
ShowWindow
SendMessageW
SetWindowLongW
ReleaseCapture
GetWindowRect
ToUnicodeEx
SetWindowPlacement
GetWindowPlacement
GetWindowLongW
RegisterRawInputDevices
GetMenu
AdjustWindowRectEx
ShowCursor
ChangeDisplaySettingsExW
GetMessageW
SetCapture
MapVirtualKeyA
SystemParametersInfoA
GetWindowLongPtrW
ClipCursor
DispatchMessageW
TranslateMessage
GetKeyState
CreateWindowExW
RegisterClassExW
GetDC
InvalidateRgn
RegisterTouchWindow
GetSystemMetrics
SetWindowTextW
SetCursor
LoadCursorW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
MonitorFromRect
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
ScreenToClient
MapVirtualKeyW
SendInput
PostMessageW
DefWindowProcW
GetUpdateRect
PeekMessageW
PostThreadMessageW
RedrawWindow
ValidateRect
SetWindowLongPtrW
DestroyWindow
GetKeyboardState
SetForegroundWindow
CreateIcon
GetClipCursor
GetActiveWindow
GetKeyboardLayout
IsProcessDPIAware
GetClientRect

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

opengl32

wglDeleteContext
wglMakeCurrent
wglGetCurrentDC
wglGetCurrentContext
wglGetProcAddress
wglCreateContext
wglShareLists

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject
GetPixelFormat
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers

dwmapi

DwmEnableBlurBehindWindow

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

imm32

ImmGetCompositionStringW
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext
ImmReleaseContext

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

vcruntime140

memset
__current_exception_context
__current_exception
__CxxFrameHandler3
memmove
memcpy
memcmp
__C_specific_handler
_CxxThrowException

api-ms-win-crt-math-l1-1-0

exp2f
ceil
log10
floor
pow
sinf
expf
sin
cos
roundf
trunc
_hypotf
atan2f
acosf
cbrtf
cosf
round
__setusermatherr
floorf
powf
ceilf
truncf

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
exit
_set_app_type
_exit
__p___argc
__p___argv
_cexit
_initterm
terminate
_crt_atexit
_register_onexit_function
_c_exit
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_seh_filter_exe

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c56899484db32734788e0d5b0c23f816

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

secur32

crypt32

ole32

shell32

user32

oleaut32

opengl32

gdi32

dwmapi

winmm

imm32

uxtheme

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rdata Size: 3.6MB - Virtual size: 3.6MB

.data Size: 18KB - Virtual size: 21KB

.pdata Size: 256KB - Virtual size: 255KB

.rsrc Size: 111KB - Virtual size: 110KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 18KB - Virtual size: 21KB

.pdata
Size: 256KB - Virtual size: 255KB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 36KB - Virtual size: 36KB