cartographer[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

cartographer.7z
Size

1.7MB
MD5

3eda16551a8abe6e84ca2687a17115d8
SHA1

c72aec5d13f504fa19aaff52e9d584c09ad87832
SHA256

8ef75ee22cba561b8fdbcc75a9b73f1eacf277f87d5a094882a0297c8aea6537
SHA512

372bf8931eb4b8bf625d7a893e8d6254fd17b30dbbfa43eadaef16fc0ce745c916e6f7b8006b5c264cf776013d06a560ec3718965980b21ad830cc0c58cbe0de
SSDEEP

49152:Hd85NxIxT1f5/pOvsQtfODIbpQTiqrZMnFkQR:Hm5A1fByBg8pQLZMneW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cartographer.exe

Files

cartographer.7z
.7z

Password: infected
cartographer.exe
.exe windows:6 windows x64 arch:x64

Password: infected

5738b893f217a1ac139c990fb3cfc77c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

cartographer.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

kernel32

GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
GetStdHandle
RtlLookupFunctionEntry
RtlCaptureContext
WriteFileEx
SleepEx
GetExitCodeProcess
QueryPerformanceFrequency
GetSystemInfo
QueryPerformanceCounter
HeapReAlloc
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandleEx
WaitForSingleObject
FindFirstFileW
DeleteFileW
GetCommandLineW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetFullPathNameW
GetModuleHandleA
GetProcAddress
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
SetConsoleMode
GetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetFileInformationByHandle
OpenProcess
Process32Next
Process32First
FormatMessageW
GetLastError
GetCurrentProcessId
SetFileInformationByHandle
GetCurrentProcess
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
DuplicateHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
Thread32Next
TerminateThread
SuspendThread
OpenThread
GetCurrentThreadId
Thread32First
CreateToolhelp32Snapshot
CloseHandle
SetFilePointerEx
HeapFree
IsProcessorFeaturePresent

user32

LoadIconW
DrawIconEx
ReleaseDC
GetSystemMetrics
GetDC

gdi32

CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetDIBits
CreateCompatibleDC

shell32

ExtractIconW

ntdll

NtWriteFile
NtSetInformationThread
NtReadFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

vcruntime140

__current_exception_context
memcpy
__CxxFrameHandler3
memmove
memset
memcmp
_CxxThrowException
__C_specific_handler
__current_exception

api-ms-win-crt-math-l1-1-0

truncf
powf
roundf
exp2f
fmaf
log2
round
fma
exp
pow
log2f
__setusermatherr
floorf
ceil

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5738b893f217a1ac139c990fb3cfc77c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

gdi32

shell32

ntdll

bcrypt

advapi32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 142KB - Virtual size: 141KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 5.2MB - Virtual size: 5.2MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 142KB - Virtual size: 141KB

.reloc
Size: 39KB - Virtual size: 38KB