C:\Users\Cranch\Documents\Visual Studio Projects\CitadelLauncher\x64\Release\CitadelLauncher.pdb
Static task
static1
1 signatures
General
-
Target
CitadelLauncher.exe
-
Size
280KB
-
MD5
47170832a165490fe0441626e512dbb9
-
SHA1
bc42596a075b26a92bcbdf01345af383a0127e98
-
SHA256
e5e0c9ea98c6baad18a452d9acc32aad3d8b5197dc7d33fbfba61f8db2177f31
-
SHA512
761b030b4d410909e7060488b1ff3111c990544465c265c626a5e8ec65c828eb008addf6fcf450240267500937e14d4370f947712b1031960046afcddc995add
-
SSDEEP
192:VPIpb+gmXcMqjJ265ZJSck+ZG5lZ9Dzv5ZaFDzjI83Q5XfQDyxrw:Vwb+gmX9Z+3jmlZ9Hv5QFHjI83KxU
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource CitadelLauncher.exe
Files
-
CitadelLauncher.exe.exe windows:6 windows x64 arch:x64
b7b3aba73f3bf849808741bcb79d4276
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetModuleFileNameW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext
shell32
ShellExecuteW
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__C_specific_handler
memcpy
_CxxThrowException
__current_exception
__std_exception_copy
__std_exception_destroy
__current_exception_context
memset
memmove
api-ms-win-crt-filesystem-l1-1-0
_wchdir
api-ms-win-crt-runtime-l1-1-0
terminate
_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
_c_exit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
_cexit
__p___argv
_invalid_parameter_noinfo_noreturn
__p___argc
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ