4a7ab164a5d10dc4c5d912c32bddc8490ff4380a43325428a130db078c791cc6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4a7ab164a5d10dc4c5d912c32bddc8490ff4380a43325428a130db078c791cc6.exe
Size

520KB
MD5

6a3401e664a000c14a6cc5a9156f5a6b
SHA1

962e202b0d4b36c6326e35700f84b7d42226aa91
SHA256

4a7ab164a5d10dc4c5d912c32bddc8490ff4380a43325428a130db078c791cc6
SHA512

9dab970829d2a18c8024f4f96ee8d0a51da3eee09c0d31fa8493a6e6e6c256c58e3f4e81ce331b269ef569804c660158b39eb160b12f556340b3a20d9c778a93
SSDEEP

12288:4Wx4Hi4NWYgeWYg955/155/OZgPkSDe+HEJhBoaDLlCHO:r4Hi42PBe+Hm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a7ab164a5d10dc4c5d912c32bddc8490ff4380a43325428a130db078c791cc6.exe

Files

4a7ab164a5d10dc4c5d912c32bddc8490ff4380a43325428a130db078c791cc6.exe
.dll windows:6 windows x64 arch:x64

43dca76562a9aa04b86d3c33081331a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\TempBooster\x64\Release\TempBooster.pdb

Imports

kernel32

SetEvent
GetModuleHandleExW
GetModuleFileNameW
CloseHandle
Sleep
DeleteFileW
WaitForSingleObject
CreateThread
GetLastError
WriteConsoleW
CreateEventW
OpenProcess
TerminateProcess
Process32NextW
Process32FirstW
GetFileAttributesW
CreateToolhelp32Snapshot
SetEndOfFile
CreateFileW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
HeapFree
HeapAlloc
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
CreateDirectoryW
MoveFileExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
HeapSize
RtlUnwind

user32

GetMessageW
TranslateMessage
DispatchMessageW

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

shell32

ShellExecuteW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

wininet

HttpSendRequestW
HttpOpenRequestW
InternetConnectA
InternetReadFile
InternetCloseHandle
InternetOpenA

Exports

Exports

MpAccessibilityAsyncEvent
MpAddDynamicSignatureFile
MpAllocMemory
MpAmsiCloseSession
MpAmsiNotify
MpAmsiScan
MpAsrSetHipsUserExclusion
MpAsrSetHipsUserExclusionEx
MpChangeCapability
MpCheckAccessForClipboardOperation
MpCheckAccessForClipboardOperationEx
MpCheckAccessForClipboardOperationEx2
MpCheckAccessForCopyFile
MpCheckAccessForCopyFileEx
MpCheckAccessForDragDropOperation
MpCheckAccessForDragDropOperation2
MpCheckAccessForPrintOperation
MpCheckAccessForPrintOperation2
MpCleanControl
MpCleanOpen
MpCleanPrecheckStart
MpCleanStart
MpClientUtilExportFunctions
MpClientUtilExportFunctionsSize
MpClose
MpConfigClose
MpConfigDelValue
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorEnumV2
MpConfigIteratorOpen
MpConfigOpen
MpConfigQueryProtection
MpConfigRefresh
MpConfigRegisterForNotifications
MpConfigSetValue
MpConfigUninitialize
MpConfigUnregisterNotifications
MpConveyDlpBypass
MpConveySampleSubmissionResult
MpConveyUserChoiceForDlpNotification
MpConveyUserChoiceForDlpNotificationEx
MpConveyUserChoiceForSampleList
MpCopyAcceleratorRpcPing
MpCreateComInstance
MpDbgAllocMemory
MpDebugExportFunctions
MpDefenderIsPrintAccessCheckNeeded
MpDefenderPrintAccessCheck
MpDefenderPrintDataProvide
MpDelegateCopyFile
MpDelegateCopyFileAsync
MpDeleteAsrHistory
MpDetectionEnumerate
MpDetectionQuery
MpDeviceControlAuthenticateNetworkShare
MpDeviceControlQueryInformation
MpDeviceControlValidateDataDuplicationRemoteLocationConfiguration
MpDlpCheckAccessForBuffer
MpDlpDelegateEnforcement
MpDlpDispatchAccessEvent
MpDlpGenerateRmsLabelingEvent
MpDlpGetEvidenceFileUrl
MpDlpGetOperationEnforcmentMode
MpDlpGetPrinterInformation
MpDlpInitializeEnforcementMode
MpDlpNotifyCloseDocumentFile
MpDlpNotifyPostOpenDocumentFile
MpDlpNotifyPostSaveAsDocument
MpDlpNotifyPostStartPrint
MpDlpNotifyPreOpenDocumentFile
MpDlpNotifyPrePrint
MpDlpNotifyPreSaveAsDocument
MpDlpScanLLM
MpDlpServicePingRpc
MpDynamicSignatureEnumerate
MpDynamicSignatureOpen
MpEffectiveConfigurationReport
MpElevateCleanHandle
MpElevationHandleAcquire
MpElevationHandleActivate
MpElevationHandleAttach
MpElevationHandleOpen
MpErrorMessageFormat
MpFastMemoryScan
MpFastMemoryScanOpen
MpFlushLowfiCache
MpForcedReboot
MpFreeFileTrustExtraInfo
MpFreeMemory
MpFreeTSModeInfo
MpFreeUpToDateInfo
MpGenerateSignature
MpGenerateSignatureEx
MpGenerateThreatReport
MpGetASRPerRuleExclusions
MpGetAsrBlockedActionInfos
MpGetAsrBlockedActions
MpGetAsrBlockedProcesses
MpGetCallistoDetections
MpGetConfigPayloadStatus
MpGetConfigValue
MpGetCopyAcceleratorCancellableCopyStatus
MpGetCopyAcceleratorProcessStatus
MpGetDefenderStatusSummary
MpGetDevMode
MpGetDevVolumesProtectionState
MpGetDeviceControlSecurityPolicies
MpGetDeviceControlStatus
MpGetDlpEvents
MpGetEngineVersion
MpGetFCValue
MpGetHIPSCustomRuleInfo
MpGetHIPSRuleInfo
MpGetMAPSConnectivityStatusInfo
MpGetNpSupportFile
MpGetRunningMode
MpGetSACInfo
MpGetSampleChunk
MpGetSampleListRequiringConsent
MpGetTDTFeatureStatus
MpGetTDTFeatureStatusEx
MpGetTPStateInfo
MpGetTSModeInfo
MpGetTaskSchedulerStrings
MpGetThreatExecutionInfo
MpGetUpToDateInfo
MpGetUpdatePlatformStatus
MpHandleClose
MpImportConfigPayload
MpIsDeviceControlAvailable
MpIsGivenRunningModeSupported
MpIsRtpAutoEnable
MpManagerDisable
MpManagerEnable
MpManagerOpen
MpManagerStatusQuery
MpManagerStatusQueryEx
MpManagerVersionQuery
MpManagerXBGMDisable
MpManagerXBGMEnable
MpMemoryScanStart
MpNetworkCapture
MpNotificationRegister
MpOfflineScanInstall
MpOfflineScanStatusQuery
MpOpen
MpProductGenuineCheck
MpQuarantineRequest
MpQueryDefaultFolderGuardList
MpQueryDevVolumeProtectionState
MpQueryEngineConfigDword
MpQueryFileTrustByHandle
MpQueryFileTrustByHandle2
MpRemapCallistoDetections
MpRemoveDynamicSignatureFile
MpReportClipboardOwner
MpRequestSnooze
MpRollbackPlatform
MpSCCGetState
MpSCCReset
MpSampleQuery
MpSampleSubmit
MpScanControl
MpScanResult
MpScanStart
MpScanStartEx
MpSendBrowserHeartbeat
MpServiceLogMessage
MpSetBreakTheGlassStatus
MpSetTPState
MpSetUacElevationDefaultWindowHandle
MpShowDlpDetailsDialog
MpShutdownCopyAcceleratorProcess
MpSmartLockerEnable
MpTelemetryAddToAverageDWORD
MpTelemetryAddToStreamDWORD
MpTelemetryAddToStreamDWORD64
MpTelemetryAddToStreamString
MpTelemetryIncrementDWORD
MpTelemetryInitialize
MpTelemetryIsOptIn
MpTelemetryLiteralAddToAverageDWORD
MpTelemetryLiteralAddToStreamDWORD
MpTelemetryLiteralAddToStreamDWORD64
MpTelemetryLiteralAddToStreamString
MpTelemetryLiteralIncrementDWORD
MpTelemetryLiteralSetDWORD
MpTelemetryLiteralSetDWORD64
MpTelemetryLiteralSetIfMaxDWORD
MpTelemetryLiteralSetIfMinDWORD
MpTelemetryLiteralSetString
MpTelemetrySetConsent
MpTelemetrySetDWORD
MpTelemetrySetDWORD64
MpTelemetrySetIfMaxDWORD
MpTelemetrySetIfMinDWORD
MpTelemetrySetString
MpTelemetryUninitialize
MpTelemetryUpdateUserConsent
MpTelemetryUpload
MpThreatAction
MpThreatEnumerate
MpThreatHistoryRequest
MpThreatLocalizedInfoQuery
MpThreatOpen
MpThreatQuery
MpThreatRollup
MpTriggerErrorHeartbeatReport
MpTriggerHeartbeatOnUninstall
MpTriggerStatusRefreshNotification
MpUnblockEngine
MpUnblockPlatform
MpUnblockSignatures
MpUpdateBrowserActiveTab
MpUpdateControl
MpUpdateDevMode
MpUpdateEngine
MpUpdatePlatform
MpUpdateServicePingRpc
MpUpdateStart
MpUpdateStartEx
MpUpdateTSMode
MpUpdateTSModeEx
MpUtilsExportFunctions
MpWDEnable
MpXBGMEnable
MpXBGMFreeEvent
MpXBGMGetData
MpXBGMPutData
MpXBGMUpdateIV
MputAddToAverageDWORD64Rpc
MputAddToAverageDWORDRpc
MputIncrementDWORD64Rpc
MputIncrementDWORDRpc
MputSetBoolRpc
MputSetDWORD64Rpc
MputSetDWORDRpc
MputSetIfMaxDWORD64Rpc
MputSetIfMaxDWORDRpc
MputSetIfMinDWORD64Rpc
MputSetIfMinDWORDRpc
MputSetStringRpc
WDEnable
WDStatus
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43dca76562a9aa04b86d3c33081331a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wtsapi32

wininet

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 11KB - Virtual size: 22KB

.pdata Size: 16KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 11KB - Virtual size: 22KB

.pdata
Size: 16KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 5KB - Virtual size: 4KB