61d6bb7b3885aca5f61ba6e2ffb74128150ec42f44793e51b426ad5bdbb54856

Sharing

Copy URL Twitter E-mail

General

Target

61d6bb7b3885aca5f61ba6e2ffb74128150ec42f44793e51b426ad5bdbb54856
Size

144KB
MD5

73ebe948a177c5a12bff0e16451bae35
SHA1

ec9481c6f1eab242686f97453ce9bc72d38f2ccc
SHA256

61d6bb7b3885aca5f61ba6e2ffb74128150ec42f44793e51b426ad5bdbb54856
SHA512

b278b70da93d3d5deed0f145abc5bb8d7657e760028f4e38f4ab48600d79b90fc0bd7de6d6727125614c49c9992f7d888635d766885fd823e9cc69388d334efc
SSDEEP

1536:TjjW2hzoHzOP7lJhhAoK9DaafCcCMtylEZ2b/N2wlnWJABKiLRrh7OgFf:znqyjXABosC+iEZ2R2wlnWGBFNrh7H1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61d6bb7b3885aca5f61ba6e2ffb74128150ec42f44793e51b426ad5bdbb54856

Files

61d6bb7b3885aca5f61ba6e2ffb74128150ec42f44793e51b426ad5bdbb54856
.dll windows:6 windows x86 arch:x86

70387dfde74347ea24601451385ac33c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\assemblage\Builds\288509103032685892fvedwdbecc\Arrowgene.KrazyRain-master\Arrowgene.KrazyRain.Dll\assemblage_outdir_bin\Arrowgene.KrazyRain.pdb

Imports

kernel32

CloseHandle
OpenProcess
VirtualProtect
GetModuleFileNameW
GetModuleHandleW
AllocConsole
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetStartupInfoW

msvcp140d

??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sync_with_stdio@ios_base@std@@SA_N_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??2_Crt_new_delete@std@@SAPAXI@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??3_Crt_new_delete@std@@SAXPAX@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

vcruntime140d

_except_handler4_common
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
__std_type_info_destroy_list
__current_exception_context
__current_exception

ucrtbased

fputs
fread
fsetpos
fseek
_fseeki64
ftell
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
__stdio_common_vfprintf
_wassert
_mbsicmp
fgetpos
_malloc_dbg
_callnewh
malloc
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
fputc
fgetc
fflush
fclose
freopen_s
fopen_s
_get_stream_buffer_pointers
__acrt_iob_func
_CrtDbgReport
_calloc_dbg
_invalid_parameter
_free_dbg

Exports

Exports

dummy

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70387dfde74347ea24601451385ac33c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140d

vcruntime140d

ucrtbased

Exports

Exports

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 106KB - Virtual size: 105KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.msvcjmc Size: 1024B - Virtual size: 576B

.tls Size: 1024B - Virtual size: 514B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1024B - Virtual size: 806B

.reloc Size: 5KB - Virtual size: 5KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.msvcjmc
Size: 1024B - Virtual size: 576B

.tls
Size: 1024B - Virtual size: 514B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1024B - Virtual size: 806B

.reloc
Size: 5KB - Virtual size: 5KB