ecff2c205c13bef7e50fef25951ca267ac11c4063b5810e25cad9fe113bf2491

Sharing

Copy URL Twitter E-mail

General

Target

ecff2c205c13bef7e50fef25951ca267ac11c4063b5810e25cad9fe113bf2491
Size

620KB
MD5

ffcfc10b553319fdcc57bd28a9e58d27
SHA1

06fe253d3560c39108c78bf0e12d8b945526cbb4
SHA256

ecff2c205c13bef7e50fef25951ca267ac11c4063b5810e25cad9fe113bf2491
SHA512

be31da014e64cb47b3ffe369dea1950e5e114bd64ea66afa59a9d67d4708f81e3485967981f94a558b56bd5b08dec2f831280dc0fd7d52b5af4bdabc9e906f70
SSDEEP

12288:qQAaGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:1A9t/sBlDqgZQd6XKtiMJYiPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecff2c205c13bef7e50fef25951ca267ac11c4063b5810e25cad9fe113bf2491

Files

ecff2c205c13bef7e50fef25951ca267ac11c4063b5810e25cad9fe113bf2491
.exe windows:5 windows x64 arch:x64

f9d503fa95ec668dd66a38f9103217e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\pgosweep.pdb

Imports

advapi32

OpenProcessToken

kernel32

GetModuleHandleA
OpenProcess
CloseHandle
GetProcAddress
WaitForSingleObject
OpenEventW
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CreateEventW
Sleep
GetLastError
SetEvent
WaitForSingleObjectEx
PulseEvent
ResetEvent
OpenMutexW
MapViewOfFileEx
VirtualFree
DeviceIoControl
VirtualAlloc
CreateFileW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
FormatMessageW
LocalFree
SystemTimeToFileTime
GetSystemTime
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
WriteFile
GetFileType
GetUserDefaultUILanguage
LoadResource
LoadLibraryExW
GetModuleFileNameW
FindResourceExW
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
EncodePointer
FindNextFileW
FindFirstFileW
FindClose
SetLastError
GetEnvironmentVariableW
TerminateProcess
GetCurrentProcess

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
wcschr
__current_exception
__current_exception_context
memset
__std_exception_copy
__std_exception_destroy
wcsstr
_CxxThrowException
memcpy

api-ms-win-crt-runtime-l1-1-0

exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
_initialize_onexit_table
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function
_set_app_type
_seh_filter_exe
_crt_atexit
terminate
__p___argc
_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
_fileno
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
fseek
fclose
fread
fflush
_wfsopen
putchar
__p__commode
fputs
_get_osfhandle
_set_fmode
__acrt_iob_func
fwrite

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_wremove
_wfullpath

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscmp
wcstok_s
_wcsdup
wcscat_s
_strupr_s
wcsncpy_s
wcsncat_s
_wcsicmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

ole32

CoCreateGuid

ntdll

NtOpenSection
RtlLookupFunctionEntry
NtOpenMutant
NtOpenEvent
RtlInitUnicodeString
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-crt-convert-l1-1-0

_wtoi64
wcstoul
wcstol
_itow_s

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-conio-l1-1-0

_cputws

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9d503fa95ec668dd66a38f9103217e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

psapi

ole32

ntdll

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 135KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 135KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 568KB - Virtual size: 572KB