C:\Users\admin\ToolKitV\Updater\x64\Release\Updater.pdb
Static task
static1
General
-
Target
ToolKitV.exe
-
Size
2.7MB
-
MD5
7bc5dbebb690118056ad00c8d891d040
-
SHA1
1c6ed99d01cb4cb442a00768a7a45427400fe3e6
-
SHA256
7746583be65c6d4d02bfc6f72c55b7178a17871c631e71ab1b1909a45d09a02f
-
SHA512
1f7766b79b04132ce5251d834da8373ba732951d561101aebfe3539902d5cb304807a33727deb48237ab3cc48513c98b6a0055b7824f6546feedab488a77bbcf
-
SSDEEP
49152:fYyVxhXUPi9gzz1hoPUFr+QXeR+MLCT9aDB4:hXUPiroeRRO
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Flags a PE image that carries no Authenticode signature; without one, the publisher of the binary cannot be verified from the file itself.
resource ToolKitV.exe
Files
-
ToolKitV.exe.exe windows:6 windows x64 arch:x64
8e4ea4c34d408ebc64239de8724e2cc8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
setsockopt
__WSAFDIsSet
WSAGetLastError
WSACloseEvent
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
select
WSAIoctl
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
ntohl
socket
send
recv
closesocket
accept
WSACleanup
WSAStartup
inet_pton
crypt32
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CryptDecodeObjectEx
advapi32
GetSecurityInfo
RegDeleteKeyW
RegSetKeyValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
user32
UpdateWindow
PostQuitMessage
LoadCursorW
LoadIconW
ReleaseDC
TranslateMessage
BeginPaint
RedrawWindow
DispatchMessageW
SetClassLongW
ShowWindow
LoadStringW
LoadAcceleratorsW
RegisterClassExW
LoadImageW
EndPaint
TranslateAcceleratorW
SetWindowLongW
CreateWindowExW
GetUserObjectInformationW
GetProcessWindowStation
MsgWaitForMultipleObjects
PeekMessageW
GetWindowLongW
GetMessageW
DefWindowProcW
GetWindowRect
DestroyWindow
MessageBoxW
gdi32
SelectObject
RoundRect
CreateCompatibleDC
CreateFontW
DeleteDC
BitBlt
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
TextOutW
shell32
SHGetKnownFolderPath
CommandLineToArgvW
SHCreateItemFromParsingName
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
bcrypt
BCryptDeriveKeyPBKDF2
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptCreateHash
kernel32
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetConsoleOutputCP
GetConsoleMode
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadConsoleW
GetCurrentThread
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
SetEndOfFile
HeapReAlloc
GetTimeZoneInformation
CreateThread
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
FlushFileBuffers
OutputDebugStringW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
GetTickCount
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableCS
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
CreateDirectoryW
GetModuleFileNameW
DeleteFileW
GetModuleHandleW
CopyFileW
GetCommandLineW
LocalFree
CreateProcessW
ReadFile
GetFileSizeEx
CreateFileW
GetFileAttributesW
GetLastError
CloseHandle
GetOverlappedResult
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
GetFileAttributesExW
SetFileAttributesW
GetFileType
WriteFile
HeapSize
GetFileTime
SetFilePointerEx
RtlVirtualUnwind
GetStdHandle
GetEnvironmentVariableW
GetProcAddress
SetLastError
FormatMessageW
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
FormatMessageA
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetCurrentThreadId
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
GetTickCount64
InitOnceComplete
InitOnceBeginInitialize
RtlPcToFileHeader
RaiseException
SwitchToThread
GetExitCodeThread
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 457KB - Virtual size: 456KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 632KB - Virtual size: 631KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ