RUS-STANDART[.]XYZ CHECKER[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RUS-STANDART.XYZ CHECKER.exe
Size

8.6MB
MD5

f452496c35b5f6f30521d35a15b88920
SHA1

ce1ac8201226cba723a5cfda3727082c87bbff6c
SHA256

ac879c32b8fc03032ffa651dc73786faef52be031d8cefd3dfc52e99ffd158ab
SHA512

ed75c4782b87c67a7443dbdfdabae97821eb5115dffc94fa488cc88676597950ffad8682a1863c3c44ffa8fc303a95105e9c9703204d4c4485a00b57d0f64921
SSDEEP

98304:JkNO/F4BH+6p0mpkoQdDElH8D1etmffrdAZcse9HUhNyKJY0ki:uNOASEuD1y25AZcj4ks

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RUS-STANDART.XYZ CHECKER.exe

Files

RUS-STANDART.XYZ CHECKER.exe
.exe windows:6 windows x64 arch:x64

8d18228e457cd5a3a7f3a955f4a8e169

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

shlwapi

AssocQueryStringW

advapi32

EventSetInformation
GetTokenInformation
OpenProcessToken
EventRegister
RegOpenKeyExW
RegQueryValueExW
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
RevertToSelf
SystemFunction036
ImpersonateAnonymousToken

kernel32

IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlPcToFileHeader
GetModuleHandleW
DeleteCriticalSection
LoadLibraryW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
lstrlenW
GetModuleHandleA
GetProcAddress
GetSystemInfo
LCIDToLocaleName
RtlUnwindEx
GetNativeSystemInfo
GetCurrentThreadId
GetUserDefaultUILanguage
TlsAlloc
TlsGetValue
HeapAlloc
CreateMutexA
WaitForSingleObjectEx
EncodePointer
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
TlsSetValue
CancelIo
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableW
CopyFileExW
GlobalFree
GetFinalPathNameByHandleW
Sleep
CreatePipe
GetFileInformationByHandle
GetConsoleMode
RaiseException
GetCurrentThread
GetProcessHeap
RemoveDirectoryW
MoveFileExW
DeleteFileW
GlobalAlloc
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GlobalUnlock
GlobalSize
GlobalLock
CreateFileW
FindClose
FindNextFileW
LoadLibraryA
ReleaseMutex
HeapReAlloc
GetProcessId
GetUserDefaultLocaleName
FormatMessageW
TerminateProcess
GetExitCodeProcess
GetLastError
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
FreeLibrary
DuplicateHandle
LoadLibraryExA
SetFileInformationByHandle
GetCommandLineW
WaitForSingleObject
CreateEventW
HeapFree
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetHandleInformation
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFileCompletionNotificationModes
GetOverlappedResult
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile

user32

SetMenu
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetClipboardData
GetDC
EnableMenuItem
SetMenuItemInfoW
RedrawWindow
CheckMenuItem
GetActiveWindow
CreateMenu
CloseClipboard
RegisterHotKey
PostMessageW
SetCapture
SetWindowLongPtrW
IsIconic
DispatchMessageA
GetMessageA
MsgWaitForMultipleObjectsEx
VkKeyScanW
GetClientRect
GetKeyboardState
SetWindowLongW
GetSystemMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
ToUnicodeEx
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
RegisterRawInputDevices
MapVirtualKeyW
GetRawInputData
IsProcessDPIAware
DestroyWindow
UnregisterHotKey
RegisterClassExW
SetWindowDisplayAffinity
GetWindowLongPtrW
GetMessageW
RegisterWindowMessageA
SystemParametersInfoA
IsWindowVisible
GetMenu
GetAncestor
ClipCursor
EnumChildWindows
TranslateAcceleratorW
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetWindowRect
PostQuitMessage
SendInput
GetMonitorInfoW
MonitorFromWindow
AppendMenuW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
RegisterClipboardFormatW
GetUpdateRect
ValidateRect
MonitorFromPoint
GetAsyncKeyState
SetForegroundWindow
ShowWindow
FindWindowA
EnumDisplayMonitors
SendMessageW
DestroyIcon
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
CreateIcon
GetForegroundWindow
SetCursorPos
SetCursor
LoadCursorW
InvalidateRgn
SetWindowPos
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
ClientToScreen
ReleaseCapture
GetCursorPos
FlashWindowEx
DefWindowProcW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage

comctl32

DefSubclassProc
SetWindowSubclass
TaskDialogIndirect
RemoveWindowSubclass

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
OleInitialize
RegisterDragDrop
CoCreateInstance
CoUninitialize
CoInitializeEx
CoIncrementMTAUsage

shell32

SHGetKnownFolderPath
SHAppBarMessage
DragFinish
ShellExecuteW
DragQueryFileW
SHCreateItemFromParsingName

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen

uxtheme

SetWindowTheme

ntdll

RtlGetVersion
RtlNtStatusToDosError
NtCreateFile
NtDeviceIoControlFile
NtReadFile
NtWriteFile
NtCancelIoFileEx

bcrypt

BCryptGenRandom

iphlpapi

GetAdaptersAddresses

secur32

DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleA
EncryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW

ws2_32

closesocket
getaddrinfo
freeaddrinfo
getpeername
getsockname
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
WSACleanup
WSAStartup
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError

crypt32

CertCloseStore
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore

api-ms-win-crt-math-l1-1-0

trunc
floor
pow
__setusermatherr
round

api-ms-win-crt-string-l1-1-0

_wcsicmp
strlen
wcslen
wcsncmp
strcpy_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_seh_filter_exe
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
abort
strerror
_crt_atexit
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-heap-l1-1-0

calloc
free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d18228e457cd5a3a7f3a955f4a8e169

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

shlwapi

advapi32

kernel32

user32

comctl32

gdi32

dwmapi

ole32

shell32

api-ms-win-core-winrt-l1-1-0

oleaut32

uxtheme

ntdll

bcrypt

iphlpapi

secur32

ws2_32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 16KB - Virtual size: 27KB

.pdata Size: 328KB - Virtual size: 327KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 16KB - Virtual size: 27KB

.pdata
Size: 328KB - Virtual size: 327KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 33KB - Virtual size: 33KB