PyuBCoF1HM[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

PyuBCoF1HM.exe
Size

42KB
MD5

064f764fd8be73761b0f92e23752f0a9
SHA1

ca2065549043b525987690d04b02ff414565a3c7
SHA256

efb25224067d604503f33039b5867896793e7e3e88ca2d792593283837119687
SHA512

080947f458bf01b00b4226a211b849dc1e1b839346bebc50ab84258fa18470172852e6557899f005611f64d25e3d6197ee0251b0a2184264c68d10ed6185d666
SSDEEP

768:os3Tb75VkpYrhWoK8wJPJRlNhSP00oZTzvIffkRswMyJXXN2+tZGHZch37g/4:os/gPJ7NhSP00oZYffkRvMSPZdgg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PyuBCoF1HM.exe

Files

PyuBCoF1HM.exe
.exe windows:6 windows x64 arch:x64

98ac1d34184a1e652ded4134f28eeaae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Cri\Desktop\CS2\Manual Mapper\x64\Release\S1qivjGNpl.pdb

Imports

kernel32

WriteProcessMemory
RtlAddFunctionTable
Sleep
GetLastError
LoadLibraryA
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
GetModuleFileNameA
FindFirstFileA
GetCurrentProcess
GetProcessId
FindNextFileA
FindClose
GetCurrentDirectoryA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetConsoleWindow
lstrcmpiW
GetProcessHandleCount
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter

user32

ShowWindow

msvcp140

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__std_exception_destroy
__std_terminate
memcpy
__current_exception_context
_CxxThrowException
__current_exception
__std_exception_copy
memset
memmove

api-ms-win-crt-stdio-l1-1-0

fsetpos
fgetpos
fwrite
fclose
__p__commode
_set_fmode
ungetc
setvbuf
fgetc
__acrt_iob_func
fread
fflush
__stdio_common_vfprintf
_get_stream_buffer_pointers
fputc
_fseeki64

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

rename
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_exit
_set_app_type
__p___argc
__p___argv
_cexit
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_seh_filter_exe
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_c_exit
terminate
_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98ac1d34184a1e652ded4134f28eeaae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 1024B

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 144B

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1024B

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 144B