revoked_cock[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

revoked_cock.exe
Size

20.3MB
MD5

4bccd3da357bb1b5990c57efcd53611b
SHA1

f477ea9a55bcacfb48122b020186a5f5dd425536
SHA256

72168809c9793c43b5fab1a477e538d137963500ae0d9e6dedd4fd215635970b
SHA512

159fc8ebe8ebd3a4fad2d8fb9962eb0e8bfbcb2a4e7cfecae23c40027e764ec62f37546cc4a198dc6a6d6823912daa87b9975bc55090d9a7f9d49bc6d401bac1
SSDEEP

393216:RWgtXO15JJ9pFHT40MXLd8MfnDEv6IdfZGkC8rdJHCpTsPEAn:RWywbNHM5XhDEiIXr5JagP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
revoked_cock.exe

Files

revoked_cock.exe
.exe windows:6 windows x64 arch:x64

8d7384d6bca929ee7034ff9cfa4a9f0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

FindNextVolumeW
FormatMessageA
GetLocaleInfoEx
FindClose
FindFirstFileW
GetFileAttributesExW
GetFullPathNameW
AreFileApisANSI
FindVolumeClose
GetFileInformationByHandleEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetLastError
CreateFileW
SetFilePointer
DeviceIoControl
WriteFile
FindFirstVolumeW
QueryDosDeviceW
ReadFile
FreeConsole
GetTickCount64
GetTempPathW
DeleteFileW
GetSystemDirectoryW
LoadLibraryExA
QueryPerformanceCounter
FreeLibrary
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CreateFileA
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
GetStartupInfoW
GetCurrentProcessId
CreateProcessA
CloseHandle
GetCurrentThread
GetModuleHandleA
WaitForSingleObject
GetCurrentProcess
GetSystemTimeAsFileTime
GetModuleHandleW
InitializeSListHead
GetCurrentThreadId
LocalFree

user32

PeekMessageA
TranslateMessage
SetLayeredWindowAttributes
ShowWindow
RegisterClassExW
UpdateWindow
GetSystemMetrics
CreateWindowExW
DestroyWindow
DispatchMessageA
DefWindowProcW
SetClipboardData
PostQuitMessage
UnregisterClassW
GetCursorPos
GetKeyState
GetMessageExtraInfo
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
GetClipboardData
OpenClipboard
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
CloseClipboard
EmptyClipboard

advapi32

CloseServiceHandle
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyA
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExA
OpenSCManagerA
QueryServiceStatusEx
OpenServiceA
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteA

msvcp140

?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_join
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
_Mtx_unlock
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id

ws2_32

WSAGetLastError
setsockopt
WSAGetOverlappedResult
htons
recv
send
WSAStartup
inet_pton
WSACreateEvent
WSACloseEvent
WSACleanup
bind
WSAIoctl
closesocket
shutdown
socket

iphlpapi

GetAdaptersAddresses

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

ntdll

RtlInitAnsiString
NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAnsiStringToUnicodeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
strstr
memchr
memcmp
memcpy
__std_terminate
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
terminate
_errno

api-ms-win-crt-string-l1-1-0

strcmp
_stricmp
strncpy
strncmp
iswalnum
strlen
iswxdigit
towupper
wcslen

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fputc
fgetc
__stdio_common_vswprintf_s
__stdio_common_vsprintf
_set_fmode
__p__commode
fgetpos
setvbuf
_get_stream_buffer_pointers
ftell
_fseeki64
__acrt_iob_func
fflush
__stdio_common_vsscanf
fread
_wfopen
fwrite
fsetpos
fclose
fseek
ungetc
__stdio_common_vfprintf

api-ms-win-crt-convert-l1-1-0

strtol
atoi

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_set_new_mode
_callnewh

api-ms-win-crt-math-l1-1-0

sqrtf
fabs
acosf
ceilf
fmodf
sinf
cosf
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 19.8MB - Virtual size: 19.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 438KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d7384d6bca929ee7034ff9cfa4a9f0e

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

ws2_32

iphlpapi

imm32

d3dcompiler_47

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 19.8MB - Virtual size: 19.8MB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 438KB - Virtual size: 441KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 960B

.text
Size: 19.8MB - Virtual size: 19.8MB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 438KB - Virtual size: 441KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 960B