ascentfn[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ascentfn.exe
Size

603KB
MD5

0c393c16130670e729c7503cd0ca71c4
SHA1

7cdf3f4a57805759ccad2f0c367bf0b6984d2a44
SHA256

402740bcaaacd0a253fe211186779dc64a63ea31390952b62544691e1f7d9b0f
SHA512

5206a98eec43e35ac44d56d593178dd65a6e362ead6cb9b6cfe56645d77652e858bef8965401b11c8d04e48a118abd91f1eff5cf6596f222fb5330987110ed9a
SSDEEP

6144:LYpW0VLo2AaBy8pKWym4nS4yL5CFKBCR4KBGll6+it+mokoOoCMn6NkIVCp7H3zt:UptVEtm4D4Xl6n+kXMn6qIV2f7KK2h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ascentfn.exe

Files

ascentfn.exe
.exe windows:6 windows x64 arch:x64

8f6864b3a78e74aecd433e5804ee3438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\udtillbattlebus-external-main\udtillbattlebus-external-main\build\ascentfn.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

dwmapi

DwmExtendFrameIntoClientArea

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
CreateEventA
WaitForMultipleObjects
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
Sleep
TerminateProcess
OpenProcess
GetTickCount
VirtualProtect
VirtualQuery
GetCurrentThreadId
SetConsoleTitleA
CreateFileA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Process32First
Process32Next
GetSystemTimeAsFileTime
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead
OutputDebugStringW
CloseHandle
IsDebuggerPresent
GetConsoleWindow
GetCurrentProcessId
InitializeCriticalSectionEx
lstrcmpiA

user32

GetWindowThreadProcessId
GetClassNameA
EnumWindows
FindWindowA
GetDesktopWindow
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
GetWindowLongA
GetWindowRect
GetWindowTextA
UpdateWindow
SetMenu
GetSystemMetrics
mouse_event
GetAsyncKeyState
SetWindowPos
ShowWindow
DestroyWindow
PeekMessageA
DispatchMessageA
TranslateMessage
LoadCursorA
ScreenToClient
OpenClipboard
CloseClipboard
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard

msvcp140

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

libcurl

curl_easy_strerror
curl_easy_perform
curl_slist_append
curl_global_cleanup
curl_global_init
curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_slist_free_all
curl_easy_setopt

vcruntime140

memcpy
memmove
memset
strstr
memchr
__C_specific_handler
__current_exception
__current_exception_context
__std_terminate
__std_exception_copy
memcmp
__std_exception_destroy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vsnprintf_s
__stdio_common_vsscanf
_wfopen
ungetc
setvbuf
_popen
_pclose
_set_fmode
_fseeki64
fsetpos
fputc
fgets
fgetpos
fwrite
__p__commode
fclose
__stdio_common_vfprintf
fgetc
_get_stream_buffer_pointers
fflush
fread
ftell
fseek

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
exit
_initterm
system
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
terminate
_cexit
_beginthreadex
_get_initial_narrow_environment
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-math-l1-1-0

asin
__setusermatherr
acosf
powf
sqrtf
cosf
ceilf
atan2
sinf
tanf

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-string-l1-1-0

strcmp
tolower

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
remove

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout

Sections

.text
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f6864b3a78e74aecd433e5804ee3438

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

dwmapi

ntdll

kernel32

user32

msvcp140

imm32

d3dcompiler_47

libcurl

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 347KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 165KB - Virtual size: 167KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 888B

.text
Size: 348KB - Virtual size: 347KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 165KB - Virtual size: 167KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 888B