VZNTemporary[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VZNTemporary.exe
Size

570KB
MD5

f4733d8c2a9ffb3270ea814f744a5f40
SHA1

89670951f36a2d4a5f507746f182b1fa99340664
SHA256

aeaf4067feaedb345316afdb629cd98e856e2e767844b62514a89798dc47816c
SHA512

f282b38f3ec3aec593d663c0d1e9dcae7afdb293a23fd7e88debfbe2857d2689c3ddcd554eca8b2241293fa4e3ccf5af8e3f95b5fb4487f26623d13b6cf9f9b7
SSDEEP

12288:D/VZ5cCl9Tc4ghEuZy14TTqWYgeWYg955/155/ktred/ekRz:D/VZKCl9TghEerTTgtred/ek

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VZNTemporary.exe

Files

VZNTemporary.exe
.exe windows:6 windows x64 arch:x64

362361b3ae6c585aef77afaa61370f59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\vexxydevs\Desktop\Woofer Src\x64\Release\eacudud1337pro.pdb

Imports

kernel32

SetLastError
GetCurrentProcess
GetStdHandle
WriteFile
OutputDebugStringA
GetVolumeInformationA
CreateFileW
OpenFileMappingW
GetModuleHandleA
CreateToolhelp32Snapshot
Sleep
GlobalAddAtomA
GetLastError
CreateFileA
GetCurrentThread
VirtualProtect
CloseHandle
GetThreadContext
Beep
GetProcAddress
GetFileSize
DebugBreak
VirtualQuery
IsDebuggerPresent
GetComputerNameA
CheckRemoteDebuggerPresent
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
IsProcessorFeaturePresent
Process32First
Process32Next
ReadFile
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

FindWindowW
FindWindowA
MessageBoxA

advapi32

GetUserNameA
GetCurrentHwProfileA

msvcp140

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Strcoll
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
??Bios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$collate@D@std@@2V0locale@2@A
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
_Thrd_detach
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ

winhttp

WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpReadData
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest

ws2_32

__WSAFDIsSet
closesocket
WSAGetLastError
connect
WSACleanup
ioctlsocket
getaddrinfo
getpeername
getsockname
getsockopt
WSAStartup
socket
shutdown
ntohs
setsockopt
send
select
getnameinfo
WSASocketW
recv
freeaddrinfo

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
_CxxThrowException
__std_type_info_name
__std_type_info_compare
strchr
memchr
memset
memmove
memcpy
memcmp
__C_specific_handler
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_purecall
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_set_app_type
_invalid_parameter_noinfo
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
system
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_beginthreadex
_seh_filter_exe
exit
_cexit
_register_onexit_function

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
realloc
free
malloc
_aligned_free
_aligned_malloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__p__commode
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-string-l1-1-0

tolower
strncmp
strcmp
_stricmp
strlen
isdigit

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dtest
_dsign

api-ms-win-crt-utility-l1-1-0

_byteswap_ulong
rand

api-ms-win-crt-convert-l1-1-0

strtod
strtol
strtoll
strtoul
strtoull

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

362361b3ae6c585aef77afaa61370f59

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

winhttp

ws2_32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 23KB - Virtual size: 29KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 23KB - Virtual size: 29KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 4KB