af5dffe18bbacee6d73d022ff44ec8496d98b85ff7da0bbb09251033cc6c6933[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

af5dffe18bbacee6d73d022ff44ec8496d98b85ff7da0bbb09251033cc6c6933.exe
Size

65KB
MD5

73eef06e888b4ce1dae3a9d45f1f6098
SHA1

eb90776f6ab09d45d3aa3c17fbe67ed4faaf01c8
SHA256

af5dffe18bbacee6d73d022ff44ec8496d98b85ff7da0bbb09251033cc6c6933
SHA512

153d4c542f4c5ad08859e73d5c49ee15ecae608546c5982a0ced511dbdbe1bb222d03180b045dd68260ff7704b92dc5c85c750cb097c0b0ed1face91eb2e0012
SSDEEP

1536:2iqBeZWzqm4Gvm7rImTqAFRsTcH9jJ4Z:JmqBPIrXe5J4Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af5dffe18bbacee6d73d022ff44ec8496d98b85ff7da0bbb09251033cc6c6933.exe

Files

af5dffe18bbacee6d73d022ff44ec8496d98b85ff7da0bbb09251033cc6c6933.exe
.exe windows:6 windows x86 arch:x86

1c96c5e31adbe9660be356aa9981d686

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\source\repos\Gift\Release\Gift.pdb

Imports

kernel32

GetLocalTime
GetDriveTypeA
CreateMutexA
GetLastError
DeleteFileA
SetFileAttributesA
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleW
IsDebuggerPresent
CloseHandle
GetFileAttributesA
GetCurrentProcess
CopyFileA
Sleep
GetModuleHandleA
GetLogicalDriveStringsA
GetModuleFileNameA
InitializeSListHead
GetSystemTimeAsFileTime
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
UnhandledExceptionFilter

user32

MessageBoxA
SystemParametersInfoA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
AdjustTokenPrivileges

shell32

ShellExecuteA

msvcp140

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
_Cnd_do_broadcast_at_thread_exit

urlmon

URLDownloadToFileA

vcruntime140

_CxxThrowException
__current_exception_context
memset
__current_exception
memcpy
_except_handler4_common
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_access
_findclose
_findnext64i32
_findfirst64i32
_mkdir
_unlock_file

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_exit
_beginthreadex
__p___argc
_configure_narrow_argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
terminate
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
__p___argv
_controlfp_s
__p__pgmptr
exit

api-ms-win-crt-stdio-l1-1-0

fwrite
fsetpos
fread
__p__commode
_fseeki64
fgetc
_set_fmode
fclose
ungetc
fgetpos
fflush
setvbuf
fputc
__stdio_common_vsprintf
_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c96c5e31adbe9660be356aa9981d686

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp140

urlmon

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 3KB - Virtual size: 2KB