3502cde37953f190ac1b5d4e56d8df524310492908d3e92b0bee05552a5b32dd

Sharing

Copy URL

Twitter E-mail

General

Target

3502cde37953f190ac1b5d4e56d8df524310492908d3e92b0bee05552a5b32dd
Size

98KB
MD5

8e245506627ad55a33bff456498fd734
SHA1

f1edf84db95ae6ceaeab9ad15088bd1f3471e668
SHA256

3502cde37953f190ac1b5d4e56d8df524310492908d3e92b0bee05552a5b32dd
SHA512

74c0a97bc7f42211aeae92f296da216d7123e4eaccd6e3e7109954acdfa2588058fd75eba12e880fc0328c949dafb7baa1975d91b2835faf522da3930a6b15ae
SSDEEP

3072:2TxZ8nNeHL1X82Ad2P4zhyakzhFDXhTQ:wD84HIQg7Sh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3502cde37953f190ac1b5d4e56d8df524310492908d3e92b0bee05552a5b32dd

Files

3502cde37953f190ac1b5d4e56d8df524310492908d3e92b0bee05552a5b32dd
.exe windows:6 windows x86 arch:x86

26176a7d2fa9ba75ff8770514526fd9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\assemblage\Builds\8924518445868514507nujolwxhuz\penthesilea-master\Penthesilea\assemblage_outdir_bin\Penthesilea.pdb

Imports

kernel32

GetModuleHandleW
GetCommandLineW
GetStartupInfoW
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
CloseHandle
GetProcAddress

user32

SetTimer
LoadCursorW
UpdateWindow
RegisterClassExW
LoadMenuW
ShowWindow
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
InvalidateRect
LoadStringW
LoadAcceleratorsW
PeekMessageW
CreateWindowExW
AdjustWindowRectEx
SetRect
KillTimer
DispatchMessageW
TranslateMessage

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flags@ios_base@std@@QBEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QBE_JXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Thrd_yield
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_BADOFF@std@@3_JB
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Random_device@std@@YAIXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Query_perf_counter
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
_Thrd_sleep
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Thrd_start
_Xtime_get_ticks
_Mtx_destroy
_Cnd_destroy
_Cnd_signal
_Mtx_init
_Cnd_init

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipBitmapSetPixel
GdipAlloc
GdipFree
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdiplusStartup

mfc140u

ord1511
ord1513

vcruntime140

__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
_CxxThrowException
memset
_purecall
memmove
__std_exception_destroy
__std_exception_copy
memcpy

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_seh_filter_exe
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_crt_atexit
_controlfp_s
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_invalid_parameter_noinfo_noreturn
_set_app_type

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_set_new_mode
free

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fclose
__p__commode
fopen
fwrite

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_libm_sse2_sqrt_precise
_libm_sse2_cos_precise
ceil
log2
_libm_sse2_sin_precise
_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26176a7d2fa9ba75ff8770514526fd9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

msvcp140

gdiplus

mfc140u

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 640B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 640B

.reloc
Size: 4KB - Virtual size: 3KB