5dc2809f98f50cdad327931cbf693010229e801acb5b6d62a754c1a1becde401

Sharing

Copy URL Twitter E-mail

General

Target

5dc2809f98f50cdad327931cbf693010229e801acb5b6d62a754c1a1becde401
Size

8.6MB
MD5

13fb3cf7f06a213615a8441b0b816254
SHA1

e923bad787300e57b41ddb5413c934dbda3535b2
SHA256

5dc2809f98f50cdad327931cbf693010229e801acb5b6d62a754c1a1becde401
SHA512

ed014bd4f5b79e53fb4bc8134ea0629d4427e2da5bc4c53cb8b11a57435dae582779d7a5a531acb4bbb211b21a84b84674d047f39c2efb2a343fcabcf9558463
SSDEEP

49152:dcl0ApVpHgmS7VJqjHEVV7c9LdVsmwYXjQHcX8BcHLmkN6uXa7f2utv85FuV6Zzr:2WAJLuGuXod3MBet1VIGgAcKLX4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dc2809f98f50cdad327931cbf693010229e801acb5b6d62a754c1a1becde401

Files

5dc2809f98f50cdad327931cbf693010229e801acb5b6d62a754c1a1becde401
.exe windows:6 windows x64 arch:x64

34ba311bb636c929ea28f412b03070c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user\Desktop\devbox\bytecoin\bin\walletd.pdb

Imports

kernel32

SetConsoleCP
SetConsoleOutputCP
SetConsoleTextAttribute
SetEvent
SleepEx
CreateEventW
Sleep
GetSystemTimeAsFileTime
CreateWaitableTimerA
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetFileAttributesW
GetSystemInfo
GetVersionExA
GetModuleHandleA
GetProcAddress
MoveFileExW
FlushFileBuffers
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
LockFile
LockFileEx
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
GetOverlappedResult
ReleaseMutex
CreateMutexA
CreateEventA
SignalObjectAndWait
GetCurrentProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
OpenProcess
GetVersion
VirtualAlloc
MapViewOfFileEx
FlushViewOfFile
UnmapViewOfFile
OpenMutexA
CreateFileMappingA
SetFilePointerEx
RtlCaptureStackBackTrace
SetThreadExecutionState
GetTickCount
QueryPerformanceCounter
SetConsoleMode
CreateFileMappingW
GetSystemTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
GetVersionExW
CreateMutexW
GetTempPathW
UnlockFileEx
GetFullPathNameA
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetConsoleMode
IsValidCodePage
ReadFile
GetStdHandle
VerifyVersionInfoA
FormatMessageA
LocalFree
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
QueueUserAPC
WaitForMultipleObjects
SetWaitableTimer
WaitForSingleObject
DeleteCriticalSection
ReadConsoleW
ResetEvent
GetModuleHandleW
InitializeSListHead
UnhandledExceptionFilter
VerSetConditionMask
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleExW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
ReadConsoleA
VirtualFree
WriteConsoleW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
GetLastError
CloseHandle
MapViewOfFile

user32

GetSystemMetrics
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoUninitialize

advapi32

CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptAcquireContextA
CryptEnumProvidersW
CryptSignHashW
CryptGenRandom
CryptDestroyHash
CryptCreateHash
CryptDecrypt
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

msvcp140

_Thrd_start
_Query_perf_counter
_Query_perf_frequency
_Thrd_join
_Thrd_id
_Mtx_init
_Mtx_destroy
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init
_Cnd_destroy
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_signal
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Thrd_hardware_concurrency
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?classic@locale@std@@SAAEBV12@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Mbrtowc
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xlength_error@std@@YAXPEBD@Z

ws2_32

freeaddrinfo
ntohs
gethostbyname
shutdown
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
WSARecvFrom
select
bind
ntohl
listen
htons
WSACleanup
__WSAFDIsSet
accept
setsockopt
closesocket
connect
ioctlsocket
WSAStartup
socket
getaddrinfo
WSAStringToAddressW
WSAAddressToStringW
WSASocketW
WSASendTo
getpeername
WSASend
getnameinfo
recv
htonl
send
getsockname
getsockopt

mswsock

GetAcceptExSockaddrs
AcceptEx

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtCreateSection
NtMapViewOfSection
NtClose

crypt32

CertOpenSystemStoreA
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

dbgeng

DebugCreate

vcruntime140

strstr
wcsstr
strrchr
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__RTDynamicCast
memchr
memcmp
memcpy
memmove
memset
__std_type_info_name
strchr
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_c_exit
strerror_s
_set_app_type
_endthreadex
exit
_beginthreadex
__p___argv
raise
__p___argc
_crt_atexit
_exit
_crt_at_quick_exit
_initterm
_configure_narrow_argv
_errno
signal
_get_initial_narrow_environment
_seh_filter_exe
strerror
terminate
abort
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_cexit
_initterm_e

api-ms-win-crt-heap-l1-1-0

_callnewh
_aligned_malloc
_msize
_aligned_free
free
calloc
_set_new_mode
realloc
malloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul
strtoll
strtoull

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
remove

api-ms-win-crt-stdio-l1-1-0

fopen
__stdio_common_vsprintf
__acrt_iob_func
fflush
_setmode
_fileno
fwrite
ftell
fseek
fread
fgets
ferror
feof
fclose
__stdio_common_vswprintf
__stdio_common_vfprintf
_isatty
__stdio_common_vsscanf
_set_fmode
fputs
__p__commode

api-ms-win-crt-string-l1-1-0

_stricmp
strncpy
strcspn
iscntrl
isspace
strncmp
_strnicmp
strspn
isdigit
strcmp
tolower
_strdup

api-ms-win-crt-math-l1-1-0

log2
ceil
exp
floor
log
pow
sqrt
__setusermatherr

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64
_localtime64
_time64

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-environment-l1-1-0

getenv

bcrypt

BCryptGenRandom

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 799B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34ba311bb636c929ea28f412b03070c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

advapi32

msvcp140

ws2_32

mswsock

ntdll

crypt32

dbgeng

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

bcrypt

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 128KB - Virtual size: 149KB

.pdata Size: 343KB - Virtual size: 342KB

.idata Size: 26KB - Virtual size: 25KB

.tls Size: 1024B - Virtual size: 799B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 66KB - Virtual size: 65KB

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 128KB - Virtual size: 149KB

.pdata
Size: 343KB - Virtual size: 342KB

.idata
Size: 26KB - Virtual size: 25KB

.tls
Size: 1024B - Virtual size: 799B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 66KB - Virtual size: 65KB