ce04a8a54a66109beb6c2f740f326d2367ed13cdaa8efe009900ea95a244869a

Sharing

Copy URL

Twitter E-mail

General

Target

ce04a8a54a66109beb6c2f740f326d2367ed13cdaa8efe009900ea95a244869a
Size

2.0MB
MD5

3a51889889fd8d36de2037350d65e451
SHA1

5a1e96713261857c024ccf1211612fb46d3eb2f3
SHA256

ce04a8a54a66109beb6c2f740f326d2367ed13cdaa8efe009900ea95a244869a
SHA512

3dc44cd604abc18c28db1d0b1fee2b5d37c425a47ee2bd97d62aa454830b95df4aa7baf2ab93f9881c52a00776bbd415206afef40bfca658d8931c544ecbb9bf
SSDEEP

24576:DFisXW28i7NGlQN4vaZocO7zqkunIt6u3lfS++SJvdnthFpSZXun0mFaPff8naC:DQe8iQq5dIt1hSvSthFpS9a0mFaPfkz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce04a8a54a66109beb6c2f740f326d2367ed13cdaa8efe009900ea95a244869a

Files

ce04a8a54a66109beb6c2f740f326d2367ed13cdaa8efe009900ea95a244869a
.exe windows:6 windows x64 arch:x64

5694649eae7e403cb98aa8999538b821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\AltaGuard\AltaGuard\x64\Release\AltaGuard.pdb

Imports

kernel32

GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
K32GetModuleFileNameExA
Process32Next
GetACP
IsValidCodePage
Process32First
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
WriteFile
GetModuleFileNameW
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
CreateToolhelp32Snapshot
AllocConsole
GetProcAddress
GetModuleHandleA
ReadProcessMemory
OpenProcess
GetProcessId
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateMutexA
WaitForSingleObject
GetLastError
FindNextFileW
CloseHandle
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
WaitForSingleObjectEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
RaiseException
InitializeSRWLock
TryEnterCriticalSection
GetCurrentThreadId
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
GetStringTypeW
GetSystemTimeAsFileTime
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
TlsAlloc
TlsGetValue
RtlUnwind

user32

GetMessageA
DefWindowProcA
PostQuitMessage
TranslateMessage
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
GetSystemMetrics
UpdateWindow
GetWindowTextA
MessageBoxA
SetWindowLongA
EnumWindows
GetWindowThreadProcessId
LoadBitmapA
LoadCursorA
LoadIconA
DispatchMessageA

gdi32

CreatePatternBrush

advapi32

OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
GetCurrentHwProfileA
CloseServiceHandle
EnumServicesStatusExA
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
OpenProcessToken

ws2_32

bind
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
htons
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
socket
send
getpeername
connect
closesocket
getsockname
ntohs
setsockopt
WSASetLastError
WSAIoctl
inet_pton
recvfrom
sendto
accept
listen
__WSAFDIsSet
select
htonl
ioctlsocket
gethostname
recv
getsockopt
WSAEnumNetworkEvents

wintrust

WinVerifyTrust

crypt32

CertGetCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain

rpcrt4

UuidCreateSequential

ntdll

RtlPcToFileHeader
VerSetConditionMask

Sections

.text
Size: 867KB - Virtual size: 866KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 919KB - Virtual size: 919KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5694649eae7e403cb98aa8999538b821

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ws2_32

wintrust

crypt32

rpcrt4

ntdll

Sections

.text Size: 867KB - Virtual size: 866KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 11KB - Virtual size: 20KB

.pdata Size: 38KB - Virtual size: 37KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 919KB - Virtual size: 919KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 867KB - Virtual size: 866KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 11KB - Virtual size: 20KB

.pdata
Size: 38KB - Virtual size: 37KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 919KB - Virtual size: 919KB

.reloc
Size: 5KB - Virtual size: 5KB