4cafe5036e12fac84ea750ab09a42a6d[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4cafe5036e12fac84ea750ab09a42a6d.exe
Size

3.0MB
MD5

4cafe5036e12fac84ea750ab09a42a6d
SHA1

998598123dc5635e6b9199fdbba76111156a7d21
SHA256

2ab6eb8c31bcc8ef0abd6f20ea4e3a5959935a578f90bf94ba2a72183d233b25
SHA512

f745aa44f031eefc8599974b53c3898ec0aedc24d32c1bd8b43dfcf2e47f48351b838a5292eb948639dd7c51e57a8759d51e856de25f9065c2b6913baad84545
SSDEEP

49152:gzxEBrXos47V1H04BpHThuLDMYqpln3OdTbt3nA5jSK/xZ/icmv:gJXBz3+nHKDicm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cafe5036e12fac84ea750ab09a42a6d.exe

Files

4cafe5036e12fac84ea750ab09a42a6d.exe
.exe windows:6 windows x64 arch:x64

c9e57eae0ce5e40df7927e87d1231403

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Rusty.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

kernel32

GetCurrentProcess
LocalFree
UnregisterWaitEx
GetCurrentThreadId
CreateIoCompletionPort
RegisterWaitForSingleObject
GetQueuedCompletionStatusEx
FormatMessageW
PostQueuedCompletionStatus
LoadLibraryExA
GetSystemTimeAsFileTime
SetFileCompletionNotificationModes
Sleep
HeapFree
GetProcAddress
GetProcessHeap
CreateFileW
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesW
GlobalMemoryStatusEx
SetHandleInformation
GetSystemInfo
lstrlenW
GetLastError
GetCurrentProcessId
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
GetFullPathNameW
CreateThread
VirtualQueryEx
GetProcessTimes
DuplicateHandle
SwitchToFiber
CreateFiber
VirtualProtect
VirtualAlloc
ConvertThreadToFiber
CloseHandle
WideCharToMultiByte
IsProcessorFeaturePresent
WriteConsoleW
MultiByteToWideChar
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
K32GetPerformanceInfo
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
OpenProcess
GetSystemTimes
GetProcessIoCounters
GetSystemDirectoryW
GetModuleHandleA
HeapAlloc
ReadProcessMemory
ReadFileEx
CreateNamedPipeW
FreeLibrary
WaitForSingleObject
ExitProcess
GetModuleFileNameW
GetModuleHandleW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetFileInformationByHandle
GetConsoleMode
GetStdHandle
WriteFileEx
SleepEx
TerminateProcess
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapReAlloc
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW

secur32

ApplyControlToken
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleA
EncryptMessage
FreeContextBuffer
DecryptMessage
DeleteSecurityContext
QueryContextAttributesW

ws2_32

recv
shutdown
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
send
WSAStartup
WSACleanup
WSASend
freeaddrinfo
setsockopt
WSAIoctl
WSAGetLastError
getsockopt
closesocket
getaddrinfo

advapi32

IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
RegCloseKey
GetTokenInformation

crypt32

CertDuplicateCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ole32

CoTaskMemFree

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

ntdll

NtWriteFile
NtCancelIoFileEx
NtQueryInformationProcess
RtlNtStatusToDosError
RtlGetVersion
NtQuerySystemInformation
NtDeviceIoControlFile
NtCreateFile
NtReadFile

pdh

PdhCloseQuery
PdhOpenQueryA
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData

powrprof

CallNtPowerInformation

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memset
memmove
memcmp
memcpy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initialize_narrow_environment
__p___argc
_register_onexit_function
_configure_narrow_argv
_crt_atexit
_exit
_set_app_type
_seh_filter_exe
terminate
_initterm
exit
_initialize_onexit_table
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9e57eae0ce5e40df7927e87d1231403

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

secur32

ws2_32

advapi32

crypt32

shell32

ole32

oleaut32

ntdll

pdh

powrprof

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 9KB - Virtual size: 9KB

.pdata Size: 105KB - Virtual size: 105KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 9KB - Virtual size: 9KB

.pdata
Size: 105KB - Virtual size: 105KB

.reloc
Size: 16KB - Virtual size: 16KB