Launcher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Launcher.exe
Size

4.4MB
MD5

cce3120bc42177baa23e3408b07ae832
SHA1

d2107b7619f99d0796c21b8bd13e02ea3311f50d
SHA256

fa47cd307725a8c9f8021530ea3ddfc91c43d010d94b9c2ba080c887cce93937
SHA512

f41416617286f23dd0e91626efb7fcc5483f8a03d2cb51ef402b2b55cd958ef1cf09a9049093699c4d4abe7882ccc550342226a00ed7b58e2626bfe259ab218d
SSDEEP

98304:y8FfEy7yO/L7Tz6/DeBv+LCfICPLnFYLoA5CuTtl:Vcuy47n6CB2LCfIcLeD9r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Launcher.exe

Files

Launcher.exe
.exe windows:6 windows x64 arch:x64

8ba84303059bff9d986999514225e980

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenThread
GetCurrentProcess
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
SetThreadContext
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateFileA
GetFileSizeEx
WaitForSingleObjectEx
FormatMessageA
SetLastError
RtlDeleteFunctionTable
ReadProcessMemory
GetThreadContext
VirtualProtectEx
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetProcessId
RtlAddFunctionTable
VirtualAlloc
VirtualFree
GetStartupInfoW
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetCurrentDirectoryA
GetTickCount
QueryPerformanceCounter
TerminateProcess
CreateProcessA
Sleep
CreateThread
OpenProcess
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
CloseHandle
MapViewOfFile
CreateFileMappingA
OpenMutexA
GetCurrentThreadId
GetFileAttributesA
CreateDirectoryA
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
ReadFile
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
CreateMutexExA

user32

PostQuitMessage
SendMessageA
CallWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
GetDC
SetWindowLongPtrA
BeginPaint
IsWindowVisible
EndPaint
SetWindowTextA
FindWindowA
MessageBoxA
SetWindowPos
GetSystemMetrics
DefWindowProcA
DispatchMessageA
GetWindowLongPtrA
GetWindowRect
FillRect
SetFocus
LoadBitmapA
UpdateWindow
InvalidateRect

gdi32

TextOutA
SetTextAlign
SetTextColor
SetBkMode
SetBkColor
CreateFontA
CreateSolidBrush
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC

advapi32

CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptDestroyKey

spel64

load_library

msvcp140

??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strxfrm
_Strcoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0facet@locale@std@@IEAA@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__current_exception_context
_CxxThrowException
memcmp
memmove
memset
__current_exception
__std_terminate
__C_specific_handler
strstr
strrchr
_purecall
strchr
__std_exception_destroy
__std_exception_copy
memchr
__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
free
calloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_narrow_winmain_command_line
exit
_set_app_type
_seh_filter_exe
terminate
strerror
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
__sys_nerr
_initterm_e
_invalid_parameter_noinfo
_errno
_getpid
_invalid_parameter_noinfo_noreturn
_exit

api-ms-win-crt-time-l1-1-0

clock
_gmtime64
_time64
strftime
_localtime64_s

api-ms-win-crt-string-l1-1-0

strcpy_s
tolower
_stricmp
strcat_s
_strdup
strncmp
strncpy
strpbrk
isupper
strspn
strcspn
strcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fgets
fopen_s
_set_fmode
fseek
fputs
ftell
__acrt_iob_func
fopen
__stdio_common_vsscanf
__p__commode
rewind
__stdio_common_vsprintf
_read
_write
fread
fclose
fwrite
_open
_lseeki64
_get_stream_buffer_pointers
_close
fputc
ungetc
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

_stat64
_unlock_file
_fstat64
_lock_file
_unlink
remove
_access
rename

api-ms-win-crt-utility-l1-1-0

rand_s
srand
rand
qsort

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsncmp
_mbschr
_mbsnbcpy

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crypt32

CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CryptStringToBinaryA

ws2_32

socket
WSAStartup
ntohl
gethostname
htonl
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
__WSAFDIsSet
select
bind
WSAIoctl
closesocket
WSASetLastError
getpeername
getsockname
ioctlsocket
ntohs
connect
getsockopt
htons
setsockopt
send
WSAGetLastError
recv

wldap32

ord32
ord211
ord26
ord30
ord301
ord50
ord143
ord60
ord217
ord41
ord33
ord79
ord200
ord27
ord35
ord45
ord46
ord22

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 669KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 3.1MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8ba84303059bff9d986999514225e980

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

spel64

msvcp140

version

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

crypt32

ws2_32

wldap32

Sections

.text Size: 490KB - Virtual size: 489KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 21KB - Virtual size: 20KB

.rsrc Size: 669KB - Virtual size: 669KB

.reloc Size: - Virtual size: 1KB

.vlizer Size: 3.1MB - Virtual size: 8.2MB

.text
Size: 490KB - Virtual size: 489KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 669KB - Virtual size: 669KB

.reloc
Size: - Virtual size: 1KB

.vlizer
Size: 3.1MB - Virtual size: 8.2MB