Cloudware+External[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Cloudware+External.zip
Size

1.3MB
MD5

e73accb1da2ea5ee052d384c519ba947
SHA1

0038cad476e57dc027947ba5728809a8689d4440
SHA256

5f53957f086dc1c05c856e052612e25435ba93d049274b3a716c20e358e97a70
SHA512

23ed0795f9866b8202be5bb0157a464107bd7750c98d71563f94ad0cd87aeb2d38b0463e87055ea916cdc14867a1570436e5a57a6cc05a2e0e0743e998d12d7b
SSDEEP

24576:2Oh5Vw10z6Qp738mEZU5nICPs7zzP2fNdLypwQQi8mZ38LC1ZOX/iWEaKzmQr0mC:22WBQimBLPsPzPdd38ml8LC1yqNaGjro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cloudware External/Cloudware.exe

Files

Cloudware+External.zip
.zip
Cloudware External/Cloudware.exe
.exe windows:6 windows x64 arch:x64

29a37a192c9ca66356e1c7dd0d5d1177

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Owner\source\repos\Cloud fixed\nevermiss\nevermiss\FatNiggasEverywhere\santo\build\santo.pdb

Imports

winmm

PlaySoundA

kernel32

WideCharToMultiByte
GlobalUnlock
GetTickCount
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetFileSizeEx
ReadFile
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GlobalFree
GetModuleHandleW
GetCurrentThreadId
lstrcmpiA
InitializeSListHead
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
CloseHandle
Process32Next
GlobalLock
GlobalAlloc
MultiByteToWideChar
IsDebuggerPresent
TerminateThread
GetTempPathW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
CreateFileA
CreateToolhelp32Snapshot
CreateFileW
GetCurrentProcess
GetCurrentProcessId
Process32First
GetProcAddress
GetModuleHandleA
LoadLibraryExA
VirtualAlloc
DeviceIoControl
VirtualFree
SetConsoleTitleA
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
Sleep

user32

GetForegroundWindow
DispatchMessageA
GetWindowRect
DestroyWindow
GetSystemMetrics
ShowWindow
SetWindowLongA
SetWindowDisplayAffinity
GetMonitorInfoA
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
MonitorFromWindow
SendInput
MessageBoxA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetDC
FindWindowA
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
SetProcessDPIAware
GetClientRect
SetCursor
SetCapture
GetKeyboardLayout
TrackMouseEvent
GetAsyncKeyState
ScreenToClient
GetCapture
ClientToScreen

gdi32

GetPixel
CreateSolidBrush

advapi32

RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathW

msvcp140

??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Mtx_lock
_Query_perf_counter
_Mtx_unlock
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Thrd_detach
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Xtime_get_ticks
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

ntdll

RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation

dbghelp

ImageNtHeader
ImageRvaToVa
ImageDirectoryEntryToData

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__intrinsic_setjmp
__current_exception_context
__current_exception
memcmp
memchr
memset
memmove
longjmp
strstr
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
strrchr
memcpy

api-ms-win-crt-stdio-l1-1-0

_wfopen
__stdio_common_vsscanf
ftell
__p__commode
__stdio_common_vsnprintf_s
ferror
fopen
__acrt_iob_func
fflush
_fseeki64
fsetpos
fclose
_set_fmode
clearerr
ungetc
_read
fseek
fgetc
setvbuf
fgetpos
__stdio_common_vsprintf_s
__stdio_common_vsprintf
fputc
fread
feof
_lseek
fwrite
_fileno
_open
fgets
_write
_close
_setmode
__stdio_common_vfprintf
_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

acosf
sinf
atan2f
ceilf
cosf
fmodf
powf
sqrtf
__setusermatherr

api-ms-win-crt-convert-l1-1-0

atof
strtoull
strtol

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_mkdir

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
perror
terminate
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_c_exit
__p___argc
__p___argv

api-ms-win-crt-string-l1-1-0

strncpy
tolower
strncmp
_stricmp
strcmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
strftime

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 848KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1015KB - Virtual size: 1022KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29a37a192c9ca66356e1c7dd0d5d1177

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

d3d11

imm32

d3dcompiler_43

dwmapi

d3dx11_43

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 848KB - Virtual size: 847KB

.rdata Size: 253KB - Virtual size: 252KB

.data Size: 1015KB - Virtual size: 1022KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 848KB - Virtual size: 847KB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 1015KB - Virtual size: 1022KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 3KB