alterware_launcher.pdb
Static task: static1
Behavioral task: behavioral1
Sample: alterware-launcher.exe
Resource: win10v2004-20240802-en
General
Target: alterware-launcher.exe
Size: 2.6MB
MD5: 1926fcb7a761920d010ea60159875b4b
SHA1: c8e95f5d96228cd48ae773acb27da060497cd005
SHA256: 7857b8e3c6bfc8e6b5f1381de296b0a553af8a86aaf7fc0a11f0e84493b0a875
SHA512: 5a025d989d29aebb74e7d01a75ec5bae91147bd3b24ec8944d3d7cb43fa8288d65077c29fdb0bd512ec4aa5806b605948e3860e5315cc289a8989a5e858931b5
SSDEEP: 49152:iJncK67GldmOKcYAOdTDvRkrPKDsUqdDe3pLBVSb34Y+1Dwp:iJncAqV03T+10
Malware Config
Signatures
Unsigned PE (1 IoC)
The sample carries no Authenticode signature, so its publisher cannot be verified from the file itself; provenance has to be established by matching the hashes above against the hashes the publisher lists for the release.
resource: alterware-launcher.exe
Files
alterware-launcher.exe.exe windows:6 windows x64 arch:x64
b71864959ea947260945105d41a11d4e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
alterware_launcher.pdb
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressSingle
WaitOnAddress
WakeByAddressAll
ntdll
RtlPcToFileHeader
RtlUnwindEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtWriteFile
kernel32
GetSystemInfo
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetExitCodeProcess
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ExitProcess
SetFileCompletionNotificationModes
CreateProcessA
GetStdHandle
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandleEx
SetConsoleTextAttribute
GetCurrentThreadId
GetTimeZoneInformationForYear
Sleep
GetModuleHandleA
GetProcAddress
LocalFree
DeleteFileW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
WaitForSingleObject
SetFileInformationByHandle
EncodePointer
GetCurrentProcessId
WriteFileEx
SleepEx
TerminateProcess
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapFree
GetCommandLineW
HeapReAlloc
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
GetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
CopyFileExW
GetFileType
GetModuleFileNameW
GetModuleHandleW
FormatMessageW
SetCurrentDirectoryW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetFullPathNameW
GetTempPathW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
DuplicateHandle
GetCurrentProcess
CreateFileW
CloseHandle
RaiseException
SetHandleInformation
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
SwitchToThread
LoadLibraryExW
shell32
ShellExecuteExW
CommandLineToArgvW
ole32
CoInitializeEx
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ws2_32
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
shutdown
recv
send
WSASend
closesocket
getsockopt
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
secur32
DeleteSecurityContext
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
QueryContextAttributesW
ApplyControlToken
AcquireCredentialsHandleA
EncryptMessage
crypt32
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
api-ms-win-crt-convert-l1-1-0
_wtoi64
api-ms-win-crt-string-l1-1-0
wcsncmp
strcpy_s
api-ms-win-crt-math-l1-1-0
ceil
round
trunc
truncf
pow
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_set_app_type
abort
_seh_filter_exe
_c_exit
_cexit
__p___argv
__p___argc
_initterm_e
_exit
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
calloc
free
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 752KB - Virtual size: 752KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ