aleo-testnet1-v2[.]2[.]7-x86_64-pc-windows-msvc[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

aleo-testnet1-v2.2.7-x86_64-pc-windows-msvc.zip
Size

26.8MB
MD5

3c7d52ec43a6f558e68953624d67144d
SHA1

eea3b87a926a172ee451e6a668e48eecae5c3819
SHA256

05d9e7caa92b1e4a548e31815ebe3962b5c92c11d5d85074c719b35594333192
SHA512

52f099e054079f9f1d30fa93f6c9e65956058a8803f416fb14559e37f189e1e3698a317d4f8cbc72ae6289e861c2699d98de4eb5f634ee349db1aab9da6c97eb
SSDEEP

786432:4aROYN48pvg6SmNZ3ImKTtgBTULGEVTJWO88gSfCNo:1wu48p44NpIfrLGgTJWOgSfCq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/snarkos.exe

Files

aleo-testnet1-v2.2.7-x86_64-pc-windows-msvc.zip
.zip

Password: infected
snarkos.exe
.exe windows:6 windows x64 arch:x64

Password: infected

503e03e19c4b02066918bd2689819746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\snarkOS\snarkOS\target\release\deps\snarkos.pdb

Imports

rpcrt4

UuidToStringA
UuidCreateSequential
RpcStringFreeA

shlwapi

PathIsRelativeW
PathIsDirectoryW

ws2_32

WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockname
getpeername
select
getaddrinfo
WSADuplicateSocketW
accept
WSARecv
freeaddrinfo
WSACleanup
WSAStartup
socket
listen
WSAEventSelect
WSASend
recv
WSAIoctl
getsockopt
connect
shutdown
bind
setsockopt
WSAGetLastError
ioctlsocket
closesocket
ntohs
WSASetLastError
htons
__WSAFDIsSet
htonl
WSAWaitForMultipleEvents
send
WSASocketW
WSAResetEvent

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertDuplicateCertificateChain
CertGetEnhancedKeyUsage
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext

bcrypt

BCryptGenRandom

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

kernel32

TlsAlloc
GetComputerNameA
CreateHardLinkW
MapViewOfFileEx
CreateFileMappingW
GetCurrentThreadId
TlsGetValue
GetFileSizeEx
SetFilePointerEx
RemoveDirectoryW
GetFileAttributesExW
GetDiskFreeSpaceExW
CreateFileA
GetCurrentProcessorNumber
TlsSetValue
GetThreadId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
FlushFileBuffers
ReadFile
WriteFile
FlushViewOfFile
FormatMessageA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
FreeLibrary
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
DeviceIoControl
VerifyVersionInfoW
FindNextFileW
FindFirstFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
InitOnceBeginInitialize
InitOnceComplete
SetFileTime
GetLocaleInfoEx
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
GetConsoleMode
SetConsoleMode
GetLastError
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
QueryPerformanceCounter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandleEx
SetConsoleCursorInfo
CloseHandle
SetConsoleActiveScreenBuffer
WaitForMultipleObjects
GetNumberOfConsoleInputEvents
CreateFileW
ReadConsoleInputW
CreateConsoleScreenBuffer
GetModuleHandleW
GetProcAddress
lstrlenW
SwitchToThread
PostQueuedCompletionStatus
WakeConditionVariable
ReleaseSRWLockShared
AcquireSRWLockShared
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
GetLogicalProcessorInformation
Sleep
GetModuleHandleA
QueryPerformanceFrequency
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentProcess
DuplicateHandle
GetModuleFileNameW
GetCommandLineW
WaitForSingleObject
DeleteFileW
LocalFree
CreateProcessA
ExitProcess
FreeEnvironmentStringsW
ReleaseMutex
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcessId
SetHandleInformation
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
ReadFileEx
SleepEx
WriteFileEx
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetFileInformationByHandle
SetFileInformationByHandle
CreateDirectoryW
MoveFileExW
FindFirstFileW
FindClose
GetFinalPathNameByHandleW
CopyFileExW
GetFileType
FormatMessageW
GetFullPathNameW
CreateNamedPipeW
GetEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetSystemTimeAsFileTime
GetTempPathW
SetConsoleCtrlHandler
GlobalMemoryStatusEx
RtlVirtualUnwind
InitializeSRWLock

ntdll

NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtWriteFile
NtCancelIoFileEx
RtlNtStatusToDosError

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath
CommandLineToArgvW

user32

GetWindowThreadProcessId
GetForegroundWindow
GetKeyboardLayout
ToUnicodeEx

secur32

QueryContextAttributesW
ApplyControlToken
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleA

msvcp140

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Thrd_yield
_Lock_shared_ptr_spin_lock
_Unlock_shared_ptr_spin_lock
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?_Random_device@std@@YAIXZ
??7ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Winerror_map@std@@YAHH@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??Bios_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??Bid@locale@std@@QEAA_KXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Cnd_timedwait
_Mtx_current_owns
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_signal
_Cnd_broadcast
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_id
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
_Thrd_hardware_concurrency

vcruntime140

__std_terminate
_purecall
__current_exception_context
__current_exception
__C_specific_handler
strchr
strstr
strrchr
__std_type_info_compare
memchr
memset
__std_exception_destroy
memcmp
memmove
__CxxFrameHandler3
memcpy
_CxxThrowException
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strspn
strpbrk
strncmp
strcspn
strncpy
strcmp
isspace
strncat_s
_strdup
isdigit
strlen

api-ms-win-crt-math-l1-1-0

ceilf
llround
log1p
round
log2
trunc
pow
sqrt
truncf
exp
log
ceil
__setusermatherr
_fdopen
floor

api-ms-win-crt-heap-l1-1-0

realloc
_aligned_free
free
_callnewh
_set_new_mode
_aligned_malloc
malloc
calloc

api-ms-win-crt-convert-l1-1-0

_wtoi64
strtod
wcstombs
strtol
strtoll
strtoull
strtoul
atoi

api-ms-win-crt-stdio-l1-1-0

fseek
_fseeki64
fputs
feof
ftell
fread
fputc
__stdio_common_vsprintf
__stdio_common_vsprintf_s
_set_fmode
_open
_write
fgets
_fileno
_lseeki64
fclose
_close
fwrite
__p__commode
fopen
__stdio_common_vsscanf
__stdio_common_vfprintf
fflush
_read
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_register_onexit_function
_initialize_onexit_table
_errno
_initterm
strerror_s
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_beginthreadex
_set_app_type
_seh_filter_exe
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
__sys_nerr
__sys_errlist
abort
_invalid_parameter_noinfo_noreturn
_exit

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64_s
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_fstat64
_stat64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 34.3MB - Virtual size: 34.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

503e03e19c4b02066918bd2689819746

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

shlwapi

ws2_32

crypt32

bcrypt

advapi32

kernel32

ntdll

ole32

shell32

user32

secur32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 34.3MB - Virtual size: 34.3MB

.rdata Size: 21.3MB - Virtual size: 21.3MB

.data Size: 141KB - Virtual size: 157KB

.pdata Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 130KB - Virtual size: 129KB

.text
Size: 34.3MB - Virtual size: 34.3MB

.rdata
Size: 21.3MB - Virtual size: 21.3MB

.data
Size: 141KB - Virtual size: 157KB

.pdata
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 130KB - Virtual size: 129KB