f49f5430e7eede80e54bc57192b416d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f49f5430e7eede80e54bc57192b416d0N.exe
Size

530KB
MD5

f49f5430e7eede80e54bc57192b416d0
SHA1

9e0cb9fc03d28f2910367e1d05bff5e505f0bed6
SHA256

a18bd839bfd85f605a6f5f44294f8a4b3c72be294a421b2b19226e95bef23787
SHA512

b89f96652e1691fb11682a76acb696fa2f7c5219c8b2cd107a7fdea78d17ad85dced47eae89bb3bbd2ee8d0a859c43cbc0ff7cc4979ab54b7c09294397bc17f5
SSDEEP

12288:4KPeU20m+43UEoryv+kOGw1N8HftdRdF/kz3d:4KPeU20m+43UEb+1Gw1N8/nZkz3d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f49f5430e7eede80e54bc57192b416d0N.exe

Files

f49f5430e7eede80e54bc57192b416d0N.exe
.exe windows:6 windows x64 arch:x64

1ef85c7ca991650d6f562bffd5442a5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

llama

llama_control_vector_apply
llama_encode
llama_synchronize
llama_token_bos
llama_token_eos
llama_add_bos_token
llama_tokenize
llama_token_to_piece
llama_chat_apply_template
llama_reset_timings
llama_numa_init
llama_lora_adapter_clear
llama_lora_adapter_set
llama_lora_adapter_init
llama_model_decoder_start_token
llama_model_has_encoder
llama_vocab_type
llama_supports_gpu_offload
llama_supports_mlock
llama_supports_mmap
llama_max_devices
llama_new_context_with_model
llama_load_model_from_file
llama_context_default_params
llama_model_default_params
llama_decode
llama_batch_get_one
llama_kv_cache_clear
llama_model_meta_val_str
llama_n_layer
llama_n_embd
llama_get_model
llama_free
llama_free_model
llama_backend_free
llama_backend_init

ggml

gguf_free
gguf_set_val_str
gguf_add_tensor
gguf_write_to_file
ggml_gallocr_new
ggml_gallocr_free
gguf_init_empty
ggml_backend_alloc_ctx_tensors
ggml_backend_buffer_free
ggml_backend_free
ggml_backend_get_default_buffer_type
ggml_backend_tensor_set
ggml_backend_tensor_get
ggml_backend_graph_compute
ggml_backend_tensor_copy
ggml_backend_cpu_init
ggml_backend_is_cpu
ggml_backend_cpu_set_n_threads
ggml_n_dims
ggml_get_tensor
gguf_init_from_file
ggml_graph_overhead
ggml_new_graph
ggml_build_forward_expand
ggml_scale
gguf_set_val_i32
ggml_mul_mat
ggml_sum_rows
ggml_abort
ggml_nelements
ggml_nbytes
ggml_type_name
ggml_tensor_overhead
ggml_init
ggml_free
gguf_get_n_tensors
gguf_get_tensor_name
ggml_new_tensor_1d
ggml_new_tensor_2d
ggml_get_f32_1d
ggml_set_f32_1d
ggml_get_f32_nd
ggml_set_f32_nd
ggml_get_name
ggml_set_name
ggml_format_name
ggml_add
ggml_div_inplace
ggml_sqr
ggml_sqr_inplace
ggml_gallocr_alloc_graph
ggml_sqrt_inplace

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetFileAttributesW
GetLastError
CreateDirectoryW

msvcp140

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
_Strcoll
_Thrd_id
_Thrd_hardware_concurrency
_Xtime_get_ticks
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

vcruntime140

strchr
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
memcpy
memmove
memset
memchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
strerror
_crt_atexit
_errno
_cexit
_seh_filter_exe
exit
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
terminate
_initialize_narrow_environment
__p___argc

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vsprintf
fclose
fgetc
__p__commode
__acrt_iob_func
fgetpos
fputc
fread
fsetpos
fopen
_set_fmode
_fseeki64
fwrite
setvbuf
ungetc
__stdio_common_vfprintf
__stdio_common_vsscanf
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_dsign
_dclass
sqrtf
log2f
ceilf
__setusermatherr

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
realloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

strncpy
strncmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtof
strtoull
strtod
strtoll
atof
atol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ef85c7ca991650d6f562bffd5442a5e

Headers

DLL Characteristics

File Characteristics

Imports

llama

ggml

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 400KB - Virtual size: 399KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 8KB - Virtual size: 10KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 784B

.text
Size: 400KB - Virtual size: 399KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 8KB - Virtual size: 10KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 784B