RUS-STANDART[.]XYZ CHECKER[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RUS-STANDART.XYZ CHECKER.exe
Size

8.6MB
MD5

fc6fb5f6cb19f65ed2146f1fcc6a16c1
SHA1

09242e255dfe0b14f23e1ca7065eee2ac6aa6aff
SHA256

e4b336d41292428aae881c2213cbf72fca72def36cc4a68692009ae6be2f6d02
SHA512

ff2e938950274642fc7d5479eb1d3e0996e0bb4724587255a84314a30824538df0676f8907ad706751635532d221afa36e14768f3ddf1bc2e47e26e7cc16c8a6
SSDEEP

98304:V+hrflvg15AMNxhFf3FHM9Pui7/RTr8blLOgt6z1Ud:VCY1mo4P/hpg5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RUS-STANDART.XYZ CHECKER.exe

Files

RUS-STANDART.XYZ CHECKER.exe
.exe windows:6 windows x64 arch:x64

6da3260e4e0a339ef3c8150653b725cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

shlwapi

AssocQueryStringW

user32

GetActiveWindow
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetClipboardData
GetDC
EnableMenuItem
SetMenuItemInfoW
SetMenu
CheckMenuItem
IsIconic
CreateMenu
CloseClipboard
RegisterHotKey
RedrawWindow
SetCapture
SetWindowLongPtrW
MapVirtualKeyW
DispatchMessageA
GetMessageA
MsgWaitForMultipleObjectsEx
PostMessageW
GetAsyncKeyState
GetKeyboardState
SetWindowLongW
GetSystemMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
ToUnicodeEx
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
GetWindowTextW
GetWindowTextLengthW
SetWindowDisplayAffinity
RegisterRawInputDevices
SetWindowTextW
GetRawInputData
GetClientRect
UnregisterHotKey
IsProcessDPIAware
RegisterClassExW
DestroyWindow
GetWindowLongPtrW
GetMessageW
RegisterWindowMessageA
SystemParametersInfoA
IsWindowVisible
GetMenu
GetAncestor
ClipCursor
EnumChildWindows
TranslateAcceleratorW
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetWindowRect
PostQuitMessage
SendInput
GetMonitorInfoW
MonitorFromWindow
AppendMenuW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
MonitorFromRect
RegisterClipboardFormatW
GetUpdateRect
ValidateRect
VkKeyScanW
SetForegroundWindow
ShowWindow
FindWindowA
MonitorFromPoint
EnumDisplayMonitors
SendMessageW
DestroyIcon
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
CreateIcon
GetForegroundWindow
SetCursorPos
SetCursor
LoadCursorW
InvalidateRgn
SetWindowPos
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
ClientToScreen
ReleaseCapture
GetCursorPos
FlashWindowEx
DefWindowProcW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage

kernel32

IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentThreadId
RtlPcToFileHeader
GetModuleHandleW
DeleteCriticalSection
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
lstrlenW
GetModuleHandleA
GetProcAddress
GetSystemInfo
LCIDToLocaleName
RtlUnwindEx
GetNativeSystemInfo
CloseHandle
GetProcessHeap
GetUserDefaultUILanguage
TlsAlloc
TlsGetValue
HeapAlloc
CreateMutexA
WaitForSingleObjectEx
EncodePointer
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
TlsSetValue
CancelIo
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableW
CopyFileExW
GlobalFree
GetFinalPathNameByHandleW
Sleep
CreatePipe
GetFileInformationByHandle
GetConsoleMode
RaiseException
GetCurrentThread
RemoveDirectoryW
MoveFileExW
DeleteFileW
GlobalAlloc
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GlobalUnlock
GlobalSize
GlobalLock
CreateFileW
FindClose
FindNextFileW
LoadLibraryA
ReleaseMutex
HeapReAlloc
GetProcessId
GetUserDefaultLocaleName
FormatMessageW
TerminateProcess
GetExitCodeProcess
GetLastError
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
FreeLibrary
DuplicateHandle
LoadLibraryExA
SetFileInformationByHandle
GetCommandLineW
WaitForSingleObject
CreateEventW
HeapFree
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetHandleInformation
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFileCompletionNotificationModes
GetOverlappedResult
ReadFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass
TaskDialogIndirect

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
OleInitialize
RegisterDragDrop
CoCreateInstance
CoUninitialize
CoInitializeEx
CoIncrementMTAUsage

shell32

SHGetKnownFolderPath
SHAppBarMessage
DragFinish
ShellExecuteW
DragQueryFileW
SHCreateItemFromParsingName

advapi32

RegOpenKeyExW
EventSetInformation
RegQueryValueExW
GetTokenInformation
OpenProcessToken
EventRegister
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
RevertToSelf
SystemFunction036
ImpersonateAnonymousToken

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen

uxtheme

SetWindowTheme

ntdll

RtlGetVersion
RtlNtStatusToDosError
NtCreateFile
NtDeviceIoControlFile
NtReadFile
NtWriteFile
NtCancelIoFileEx

bcrypt

BCryptGenRandom

iphlpapi

GetAdaptersAddresses

secur32

DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleA
EncryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW

ws2_32

closesocket
getaddrinfo
freeaddrinfo
getpeername
getsockname
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
WSACleanup
WSAStartup
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError

crypt32

CertOpenStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertAddCertificateContextToStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore

api-ms-win-crt-math-l1-1-0

trunc
floor
__setusermatherr
pow
round

api-ms-win-crt-string-l1-1-0

_wcsicmp
strlen
wcslen
wcsncmp
strcpy_s

api-ms-win-crt-runtime-l1-1-0

terminate
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_seh_filter_exe
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
abort
strerror
_crt_atexit
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
calloc
malloc
free

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6da3260e4e0a339ef3c8150653b725cf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

shlwapi

user32

kernel32

comctl32

gdi32

dwmapi

ole32

shell32

advapi32

api-ms-win-core-winrt-l1-1-0

oleaut32

uxtheme

ntdll

bcrypt

iphlpapi

secur32

ws2_32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 16KB - Virtual size: 27KB

.pdata Size: 328KB - Virtual size: 328KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 16KB - Virtual size: 27KB

.pdata
Size: 328KB - Virtual size: 328KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 33KB - Virtual size: 33KB