rust_dotnet_crypter.pdb
Static task
static1
Behavioral task
behavioral1
Sample
c10614dd77c25176b5b1c91e68e6d510f609bf3609e7eb6ba031174aa9401044.exe
Resource
win7-20240508-en
General
Target: c10614dd77c25176b5b1c91e68e6d510f609bf3609e7eb6ba031174aa9401044
Size: 197KB
MD5: 78d335140c5301836044bba36df9e76c
SHA1: 3f19672ea2deaebbf1af06941cf122d7adbfa1d2
SHA256: c10614dd77c25176b5b1c91e68e6d510f609bf3609e7eb6ba031174aa9401044
SHA512: e8e7097160f8cc9dff8f24882ed85a2c715d6bf9b611196dd311e292526496b19dd06b6bd2e60033c04a113e045f4e50548634e969fd88ad0065a06d6b81491c
SSDEEP: 3072:pKw12B1TIzD/+c2pUHpLZvbMcU0QxTiONLrFEy4618pVoCWaYkjP1wGZE+:pLJ/+c2pUHpLOL0QggXve/ljjZp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c10614dd77c25176b5b1c91e68e6d510f609bf3609e7eb6ba031174aa9401044
Files
c10614dd77c25176b5b1c91e68e6d510f609bf3609e7eb6ba031174aa9401044.exe windows:6 windows x64 arch:x64
b8fb41239af4386f6ad7dd89df825c3f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressSingle
WaitOnAddress
kernel32
DeleteCriticalSection
CreateFileW
SetFilePointerEx
QueryPerformanceCounter
QueryPerformanceFrequency
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
CloseHandle
Sleep
HeapFree
LoadLibraryA
GetProcAddress
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapReAlloc
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
SetLastError
HeapAlloc
GetProcessHeap
FreeLibrary
FormatMessageW
GetConsoleOutputCP
FlushFileBuffers
HeapSize
LCMapStringW
CompareStringW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
oleaut32
SysFreeString
SysStringLen
GetErrorInfo
ntdll
NtWriteFile
RtlNtStatusToDosError
Sections
.text Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ