patent | Triage

Sharing

Copy URL Twitter E-mail

General

Target

patent
Size

5.8MB
MD5

945980be97b79384e8b5155ddf8ba25f
SHA1

dcfe71c63bdc82b0a74999d7dcac1a26271c424a
SHA256

a3a0e61d932cc6e8346e1f03f04ae97918b8dafadf49c130e184bec38ae13b3a
SHA512

aa1b85f012970959dae042f0ba8be2651f973f9e2c90edf204d47d6fbdf4a3058de28f1e56c426f7357821257100d3a380f74f7fdb02d8a8fc6d06e7b27708d3
SSDEEP

49152:NCQd5qg/aFDcnW3RKilf6KVEjf8u3SekD92D+ZNutQN9/CfegBbpPC5gPeB0KxFJ:YUes38jix7f3meqDg9ao/lu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
patent

Files

patent
.exe windows:6 windows x64 arch:x64

4dc6a97b5fc45a9631672e2cc5dd45eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

topographicbirthwortGE.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

bcryptprimitives

ProcessPrng

kernel32

CreateDirectoryW
FindFirstFileW
FindClose
SetFilePointerEx
FlushFileBuffers
GetFullPathNameW
GetFileInformationByHandleEx
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
GetTempPathW
CreateThread
SetThreadStackGuarantee
GetCurrentThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
DeleteFileW
CopyFileExW
UnhandledExceptionFilter
GetEnvironmentVariableW
lstrlenW
SetUnhandledExceptionFilter
PostQueuedCompletionStatus
GetCommandLineW
RtlPcToFileHeader
TerminateProcess
GetCurrentDirectoryW
FormatMessageW
GetProcAddress
GetModuleHandleA
Sleep
IsProcessorFeaturePresent
SetFileCompletionNotificationModes
CreateIoCompletionPort
AddVectoredExceptionHandler
InitializeSListHead
GetQueuedCompletionStatusEx
IsDebuggerPresent
RtlUnwindEx
EncodePointer
GetSystemTimePreciseAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetFinalPathNameByHandleW
SetLastError
GetModuleHandleW
GetSystemInfo
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
QueryPerformanceFrequency
SwitchToThread
FindNextFileW
SetFileInformationByHandle
SetWaitableTimer
GetModuleFileNameW
CreateFileW
TlsGetValue
GetLastError
CreateWaitableTimerExW
CloseHandle
TlsSetValue
TlsFree
LoadLibraryExW
WriteConsoleW
MultiByteToWideChar
WaitForSingleObject
HeapReAlloc
HeapFree
GetConsoleMode
GetStdHandle
GetFileInformationByHandle
CreateNamedPipeW

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SafeArrayDestroy
VariantClear
SafeArrayAccessData

crypt32

CertCloseStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertDuplicateStore
CertOpenStore
CertGetCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CryptUnprotectData
CertDuplicateCertificateChain

advapi32

SystemFunction036
RegQueryValueExW
CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid

user32

EnumDisplaySettingsExW
GetMonitorInfoW
EnumDisplayMonitors

ws2_32

getsockopt
connect
WSASocketW
send
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
WSAIoctl
WSASend
accept
bind
shutdown
closesocket
ioctlsocket
socket
getsockname
WSAGetLastError
getpeername
setsockopt
select
listen
recv

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtDeviceIoControlFile
NtCreateFile
NtReadFile

bcrypt

BCryptGenRandom

secur32

DeleteSecurityContext
EncryptMessage
ApplyControlToken
FreeCredentialsHandle
QueryContextAttributesW
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA

gdi32

DeleteDC
GetObjectW
GetDeviceCaps
GetDIBits
StretchBlt
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteObject

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

rstrtmgr

RmGetList
RmRegisterResources
RmStartSession

api-ms-win-crt-math-l1-1-0

exp2f
roundf
_dclass
__setusermatherr
ceil
truncf
log
pow

api-ms-win-crt-string-l1-1-0

strcmp
strlen
strcspn
strcpy_s
strncmp
wcsncmp

api-ms-win-crt-heap-l1-1-0

_msize
calloc
free
realloc
_set_new_mode
malloc

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
abort
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_endthreadex
_beginthreadex
_initialize_onexit_table
_register_onexit_function
terminate
_initterm
_crt_atexit
_exit
exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dc6a97b5fc45a9631672e2cc5dd45eb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

oleaut32

crypt32

advapi32

user32

ws2_32

ntdll

bcrypt

secur32

gdi32

ole32

rstrtmgr

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 87KB - Virtual size: 86KB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 87KB - Virtual size: 86KB

.reloc
Size: 58KB - Virtual size: 58KB