6b449b62d8abb3c8831ef95ea253eecc18a99dd55f27f67e9e9d98f9ce8a0e41

Sharing

Copy URL

Twitter E-mail

General

Target

6b449b62d8abb3c8831ef95ea253eecc18a99dd55f27f67e9e9d98f9ce8a0e41
Size

1.8MB
MD5

a06a6acf111107b29d8425c08ed65fd8
SHA1

2d85abf8cea7321654d44da6392d35dcd224e42b
SHA256

6b449b62d8abb3c8831ef95ea253eecc18a99dd55f27f67e9e9d98f9ce8a0e41
SHA512

9ca28e014e0cf28eeb08b887e3448349627fd4a6986595fffd37143ad2ac49346c01e3542042a2fbe5cab5c6b59ff9af877af6c7efea62243c98113572f17964
SSDEEP

24576:MeoHGZwOf1drXDuSWWmijPz2MPOOsx8KCwze0:MeoHOf1NumjPzPE68C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b449b62d8abb3c8831ef95ea253eecc18a99dd55f27f67e9e9d98f9ce8a0e41

Files

6b449b62d8abb3c8831ef95ea253eecc18a99dd55f27f67e9e9d98f9ce8a0e41
.exe windows:6 windows x64 arch:x64

bca29c621965b9b64e2d79240618a26a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\cl.pdb

Imports

advapi32

CryptGenRandom
EventRegister
CryptAcquireContextW
EventWrite
CryptReleaseContext
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

kernel32

ReadFile
FindFirstFileW
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
SetEnvironmentVariableW
SetErrorMode
GetEnvironmentVariableW
InitializeCriticalSectionEx
FindClose
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
FreeEnvironmentStringsW
GetLastError
DeleteFileW
CloseHandle
RaiseException
GetSystemInfo
LoadLibraryW
GetCurrentDirectoryW
SwitchToThread
DecodePointer
GetProcAddress
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
GetEnvironmentStringsW
VirtualQuery
LoadLibraryExW
GetFullPathNameW
GetTempPathW
GetDiskFreeSpaceExW
SetConsoleCtrlHandler
SearchPathW
GetConsoleScreenBufferInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenEventW
SetEvent
CreateProcessW
GetExitCodeProcess
GetConsoleOutputCP
WriteFile
GetACP
GetConsoleMode
QueryPerformanceFrequency
LoadResource
FindResourceW
WideCharToMultiByte
GetFileType
QueryPerformanceCounter
VirtualFree
VirtualAlloc
UnmapViewOfFile
MapViewOfFileEx
GetStartupInfoW
GetStdHandle
WaitForMultipleObjects
SetThreadPriority
CreatePipe
CreateMutexW
DuplicateHandle
Sleep
CreateThread
GetCurrentProcessId
HeapFree
FindNextFileW
GetUserDefaultUILanguage
EncodePointer
HeapAlloc
GetProcessHeap
CreateEventW
GetTickCount64
VirtualProtect
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetFileInformationByHandleEx
LocalFree
FormatMessageA
AreFileApisANSI
GetFileAttributesExW

vcruntime140

_CxxThrowException
__current_exception
memset
__C_specific_handler
memmove
memcpy
__std_exception_destroy
__std_exception_copy
wcschr
wcsstr
__current_exception_context
wcsrchr

api-ms-win-crt-string-l1-1-0

wcscat_s
wcspbrk
iswspace
wcsspn
_wcsicmp
wcsncmp
iswdigit
wcsncpy_s
_wcsupr_s
_wcslwr_s
wcscmp
_wcsdup
wcsncat_s
wcsnlen
towlower
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
__p__wpgmptr
_register_thread_local_exe_atexit_callback
_c_exit
terminate
__p___argc
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_cexit
_set_app_type
_seh_filter_exe
_errno
_wsystem
exit
__doserrno
_crt_atexit
_get_wpgmptr
_invalid_parameter_noinfo
__p___wargv

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_wfullpath
_waccess_s
_wmakepath_s
_wsplitpath_s
_wunlink
_wremove

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
setlocale

api-ms-win-crt-stdio-l1-1-0

_write
fputws
_get_osfhandle
getwchar
_dup2
_flushall
__stdio_common_vfprintf
__stdio_common_vswprintf_s
_fileno
_setmode
__stdio_common_vswprintf
puts
_wfopen_s
__stdio_common_vfwprintf_s
_wfsopen
fopen
_set_fmode
__p__commode
feof
fgetws
fclose
__acrt_iob_func
fflush
__stdio_common_vswscanf
__stdio_common_vsnwprintf_s
__stdio_common_vfwprintf
_isatty

api-ms-win-crt-convert-l1-1-0

_wtoi
_itow_s
wcstol
_wtoi64
wcstoul

api-ms-win-crt-environment-l1-1-0

_wputenv_s
_wgetenv_s
_wdupenv_s
getenv
_wgetcwd

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
_set_new_mode
free

api-ms-win-crt-process-l1-1-0

_wspawnv

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-conio-l1-1-0

_cputws

api-ms-win-crt-time-l1-1-0

_ftime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceilf

ole32

CoCreateGuid
StringFromGUID2

msvcp140

?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ

vcruntime140_1

__CxxFrameHandler4

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bca29c621965b9b64e2d79240618a26a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-process-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

ole32

msvcp140

vcruntime140_1

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 9KB - Virtual size: 27KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 9KB - Virtual size: 27KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB