ion.pdb
Static task
static1
General
-
Target
wave_key_storage.exe
-
Size
11.1MB
-
MD5
e02d34d6f957ec1242d23db4ba46df87
-
SHA1
be9b5f0091dd3a9b21313ae6cc0d9c4879638c53
-
SHA256
8c036461e42f9aa8227f77e217b520e6595515129b21188ce56446576a2e67c8
-
SHA512
2ef3280692bc3821612ee373ba8661b72d9da4fba45cc6a9be7f2cc582c9e05cad316840e549edf8291003265c64eb055af0bbdd53932e1fef54f92f820fd5e7
-
SSDEEP
49152:U3aFegIbOsGTsiQrpukjmBQT8ca7qbwKk9PJVa7JvujP9Spx8YwZkiEDV8EOzBIf:qa4VeipnGNOy0jX7lnSDkAxsb77J
Malware Config
Signatures
-
Unsigned PE 1 IoCs
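Checks for missing Authenticode signature. The sample is unsigned; many legitimate binaries are unsigned too, so treat this as a low-confidence signal that needs corroboration from the other findings.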
resource wave_key_storage.exe
Files
-
wave_key_storage.exe.exe windows:6 windows x64 arch:x64
c4f7b66b79cb7f4aa14f9458caa95d42
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressSingle
WakeByAddressAll
WaitOnAddress
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
crypt32
CertDuplicateStore
CryptUnprotectData
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateContext
kernel32
CreateMutexA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
lstrlenW
GetModuleHandleA
LocalFree
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetHandleInformation
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetOverlappedResult
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
GetStdHandle
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceFrequency
ReleaseMutex
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
GetModuleHandleW
GetModuleFileNameW
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
WriteConsoleW
CreateThread
secur32
DecryptMessage
EncryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleA
FreeContextBuffer
QueryContextAttributesW
AcceptSecurityContext
ApplyControlToken
DeleteSecurityContext
FreeCredentialsHandle
ws2_32
WSASend
send
recv
shutdown
getpeername
getsockname
connect
bind
WSASocketW
closesocket
WSAIoctl
getsockopt
setsockopt
ioctlsocket
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
ntdll
NtWriteFile
NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
vcruntime140
__current_exception_context
strchr
__current_exception
_CxxThrowException
__C_specific_handler
strrchr
memchr
memcmp
memmove
memset
memcpy
__CxxFrameHandler3
api-ms-win-crt-string-l1-1-0
strncmp
strcmp
strcspn
strlen
strspn
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
malloc
realloc
_msize
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-math-l1-1-0
__setusermatherr
log
fabs
_dclass
api-ms-win-crt-runtime-l1-1-0
exit
_initterm_e
__p___argc
__p___argv
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_set_app_type
_seh_filter_exe
_endthreadex
_beginthreadex
terminate
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_exit
_register_onexit_function
_crt_atexit
_initterm
_get_initial_narrow_environment
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 8.3MB - Virtual size: 8.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 486KB - Virtual size: 486KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ