b8d549fe18b2afbca8271b071247e030N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b8d549fe18b2afbca8271b071247e030N.exe
Size

9.2MB
MD5

b8d549fe18b2afbca8271b071247e030
SHA1

917852780f52c584d15a287fe177da7149ed5ec5
SHA256

29a63e656668f8c722486e48bd88145c33e7e0aed7f2200566176ffa6f556e4c
SHA512

7ab987ea5ca145d94535f98df550e3f29d5ca73027a0120a3981b1d8a053add94f2604ccb9e809b51962c53efae354e3d1675a8a0d3ae384ba03afeb1010c91a
SSDEEP

98304:6VWt2PvO1J2dHyiQRnZWQlmYjQXb7QRqWf8tsDTpmLuRcSRNcaWROqlovLWHX5tc:V1Rw5lR9vnP+j6PbQ+8mVKDpz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8d549fe18b2afbca8271b071247e030N.exe

Files

b8d549fe18b2afbca8271b071247e030N.exe
.exe windows:6 windows x64 arch:x64

b196f323187d5b076007f0e3b512a412

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\pc\Desktop\gw2\launchers\oktw-launcher\src-tauri\target\release\deps\oktw.pdb

Imports

kernel32

CreateProcessA
lstrlenW
WaitForSingleObject
ResumeThread
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetModuleHandleW
GetUserDefaultUILanguage
LCIDToLocaleName
InitializeSListHead
LoadLibraryW
GetCurrentThreadId
VirtualProtectEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TryAcquireSRWLockExclusive
IsProcessorFeaturePresent
FormatMessageW
VirtualAllocEx
RtlPcToFileHeader
WriteProcessMemory
ResetEvent
RaiseException
HeapFree
TerminateProcess
GetLastError
SetEvent
CreateEventW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetSystemTimeAsFileTime
HeapAlloc
CreateThread
WriteConsoleW
MultiByteToWideChar
ReadProcessMemory
GetFullPathNameW
ExitProcess
FreeLibrary
RtlUnwindEx
GetProcAddress
GetFinalPathNameByHandleW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
FindClose
FindNextFileW
ReleaseMutex
ReleaseSRWLockShared
AcquireSRWLockShared
HeapReAlloc
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExW
GetProcessHeap
TlsFree
GetCurrentThread
CloseHandle
GetEnvironmentVariableW
SleepConditionVariableSRW
GetSystemInfo
QueryPerformanceFrequency
DeleteCriticalSection
ReleaseSRWLockExclusive
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
RtlUnwind
WakeConditionVariable
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
SetEnvironmentVariableW
GetCurrentProcess
AcquireSRWLockExclusive
WakeAllConditionVariable
GetCommandLineW
SetFileInformationByHandle
GetCurrentProcessId
GetStdHandle

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass

user32

GetSystemMenu
SetWindowLongW
SendMessageW
DestroyIcon
DestroyAcceleratorTable
ToUnicodeEx
GetKeyboardLayout
SetForegroundWindow
GetMessageA
DispatchMessageA
SetWindowDisplayAffinity
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
IsProcessDPIAware
GetDC
SetWindowPos
SystemParametersInfoA
GetWindowLongPtrW
CreateAcceleratorTableW
ClipCursor
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetMenu
GetWindowRect
VkKeyScanW
MapVirtualKeyExW
IsWindow
GetSystemMetrics
RegisterTouchWindow
GetKeyState
GetAsyncKeyState
SetCursor
GetKeyboardState
InvalidateRgn
CloseTouchInputHandle
CreateIcon
GetRawInputData
ScreenToClient
ValidateRect
GetTouchInputInfo
SendInput
ShowWindow
RedrawWindow
DestroyWindow
AppendMenuW
CreateMenu
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
RegisterClassExW
EnumChildWindows
TrackMouseEvent
PostMessageW
MonitorFromRect
LoadCursorW
ClientToScreen
CreateWindowExW
GetClientRect
GetWindowLongW
GetUpdateRect
PeekMessageW
PostThreadMessageW
IsWindowVisible
PostQuitMessage
GetForegroundWindow
GetActiveWindow
SetCursorPos
ReleaseCapture
IsIconic
SetMenu
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
OleInitialize
CoInitializeEx
CoTaskMemFree
RegisterDragDrop
RevokeDragDrop

shell32

DragFinish
DragQueryFileW
SHCreateItemFromParsingName
ShellExecuteW
SHGetKnownFolderPath
SHAppBarMessage

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

ntdll

NtWriteFile
RtlNtStatusToDosError
NtQueryInformationProcess

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

uxtheme

SetWindowTheme

advapi32

SystemFunction036
RegGetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

pow
trunc
__setusermatherr
floor
round

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
wcslen
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_cexit
__p___argv
__p___argc
_c_exit
terminate
_exit
exit
_seh_filter_exe
_initterm_e
_set_app_type
_initterm
_configure_narrow_argv
_initialize_onexit_table
abort
_initialize_narrow_environment
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
free
_set_new_mode

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b196f323187d5b076007f0e3b512a412

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

ole32

shell32

gdi32

dwmapi

ntdll

oleaut32

uxtheme

advapi32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 5.3MB - Virtual size: 5.3MB

.data Size: 1KB - Virtual size: 12KB

.pdata Size: 170KB - Virtual size: 169KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 5.3MB - Virtual size: 5.3MB

.data
Size: 1KB - Virtual size: 12KB

.pdata
Size: 170KB - Virtual size: 169KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 35KB - Virtual size: 35KB