deaab2c6106e5f7f6af6fe73b9d946100a1495f58ffeb59361c8670b13595e53

Sharing

Copy URL Twitter E-mail

General

Target

deaab2c6106e5f7f6af6fe73b9d946100a1495f58ffeb59361c8670b13595e53
Size

259KB
MD5

556a7ad71690587210392365902f4afd
SHA1

0f76b5d6f80a94faa2517283e6cfa3beef876083
SHA256

deaab2c6106e5f7f6af6fe73b9d946100a1495f58ffeb59361c8670b13595e53
SHA512

c8d218315a134211ed1c9f370550537e302c4962ccf52c9e69e7e9dda21161dc6482a83415aaf91ccf16f12309aabee4a2e9e7b7ff9e8dd0809ddced213092ee
SSDEEP

3072:3I5Nzd7398vxuYr+kdRYDuSLRWaexv1z9uZJGYzKor7+rPmQX7vU0PNXLRejbxO:ueYDzLMamRoZJ5WPwmLi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deaab2c6106e5f7f6af6fe73b9d946100a1495f58ffeb59361c8670b13595e53

Files

deaab2c6106e5f7f6af6fe73b9d946100a1495f58ffeb59361c8670b13595e53
.exe windows:6 windows x64 arch:x64

31762f3046ebee3581f2d67cf3830e01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Build\Build_1091w_D20240814T145014\fa_rss\Watchdog\x64\Release\Watchdog.pdb

Imports

urlmon

URLDownloadToFileW

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle

kernel32

GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetConsoleMode
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
GetCommandLineA
GetOEMCP
GetACP
WriteConsoleW
HeapSize
IsValidCodePage
SetFilePointerEx
QueryPerformanceCounter
LocalFree
FormatMessageA
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetProcAddress
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetEnvironmentVariableW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCPInfo
ExitProcess
GetStdHandle
WriteFile
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStringTypeW

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetFolderPathW

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31762f3046ebee3581f2d67cf3830e01

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

winhttp

kernel32

advapi32

shell32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 1KB