FlyingCarpet[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

FlyingCarpet.exe
Size

6.2MB
MD5

5315c1ef1b04b66fc30fefc48a70e760
SHA1

1fff7493d8fe6e84ca175847590dd6243bc79a78
SHA256

d3d0d0ba0118d1464a044ce13c4aac328b1218385a3f168e37baefb0a95ec5b2
SHA512

4ac15b32c0c91063599d483a74ffb6de015103dfa6a6dbc9bd5fea9346d81ecaa29cfa606f59670ea8cb32ef4a7bdb92911079ca441f8971dd7b56264eaf14f1
SSDEEP

196608:lfk3tGmyiKMw/ODTTTTTTTTTTTTWTwTTTTTTTTTTaTTTTTTTTTTTTETh9:lfk3tZyiKYF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FlyingCarpet.exe

Files

FlyingCarpet.exe
.exe windows:6 windows x64 arch:x64

Password: infected

707f1ae5954283d60f5ab76f1e73601b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user\Desktop\flyingcarpet\target\release\deps\flying_carpet.pdb

Imports

user32

GetWindowLongPtrW
SetWindowDisplayAffinity
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
IsProcessDPIAware
GetDC
CreateAcceleratorTableW
DestroyAcceleratorTable
ToUnicodeEx
GetKeyboardLayout
ClipCursor
IsWindowVisible
GetRawInputData
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
SendMessageW
SetForegroundWindow
SendInput
ShowWindow
AppendMenuW
SystemParametersInfoA
CreateMenu
CheckMenuItem
SetMenuItemInfoW
GetSystemMenu
DestroyIcon
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
SetWindowLongW
GetWindowRect
CreateIcon
GetMessageA
EnumChildWindows
DispatchMessageA
GetMenu
RegisterTouchWindow
GetClipCursor
GetSystemMetrics
IsWindow
AdjustWindowRectEx
CreateWindowExW
SetCursorPos
PostQuitMessage
GetActiveWindow
GetForegroundWindow
GetDesktopWindow
ShowCursor
DestroyWindow
SetMenu
ReleaseCapture
LoadCursorW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
SetCursor
SetWindowPos
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ClientToScreen
GetClientRect
GetWindowLongW
TrackMouseEvent
MonitorFromRect
FlashWindowEx
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
GetUpdateRect
MapVirtualKeyW
PeekMessageW
PostThreadMessageW
RedrawWindow
ValidateRect
EnableMenuItem

comctl32

RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass
DefSubclassProc

kernel32

ExitProcess
CancelIo
GetFinalPathNameByHandleW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
AcquireSRWLockShared
HeapReAlloc
GetModuleHandleW
QueryPerformanceFrequency
WakeAllConditionVariable
TerminateProcess
GetExitCodeProcess
ReadFileEx
SleepEx
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
WriteFileEx
GetStdHandle
LoadLibraryA
GetCommandLineW
TlsSetValue
ReleaseSRWLockExclusive
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
TlsGetValue
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThread
QueryPerformanceCounter
CreateProcessW
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
GetWindowsDirectoryW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
lstrlenW
LoadLibraryExW
MultiByteToWideChar
WriteConsoleW
FreeLibrary
GetEnvironmentVariableW
CompareStringOrdinal
DeleteProcThreadAttributeList
FindClose
ReleaseMutex
FreeEnvironmentStringsW
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentThreadId
FormatMessageW
WaitForSingleObject
CreateThread
GetFileInformationByHandle
ReleaseSRWLockShared
SleepConditionVariableSRW
GetConsoleMode
GetFullPathNameW
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
CreateEventW
GetSystemTimeAsFileTime
LoadLibraryW
FormatMessageA
GetCurrentProcess
DuplicateHandle
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetHandleInformation
Sleep
SetUnhandledExceptionFilter
GetCurrentProcessId
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
CloseHandle
GetTempPathW
LCIDToLocaleName
GetUserDefaultUILanguage
AcquireSRWLockExclusive
GetSystemInfo
GetProcAddress
GetModuleHandleA
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SwitchToThread
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
TlsFree

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
RevokeDragDrop
OleInitialize
RegisterDragDrop
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

ws2_32

WSAGetLastError
WSAIoctl
send
socket
WSAStartup
recv
shutdown
getsockopt
accept
listen
ioctlsocket
connect
bind
WSASocketW
WSACleanup
freeaddrinfo
getaddrinfo
closesocket

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
SystemFunction036
EventUnregister

shell32

ShellExecuteA
SHGetKnownFolderPath
DragQueryFileW
DragFinish
SHCreateItemFromParsingName

uxtheme

SetWindowTheme

oleaut32

SetErrorInfo
GetErrorInfo
SysStringLen
SysFreeString

iphlpapi

GetAdaptersAddresses

wlanapi

WlanFreeMemory
WlanCloseHandle
WlanOpenHandle
WlanRegisterNotification
WlanConnect
WlanEnumInterfaces

ntdll

NtWriteFile
NtReadFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtCreateFile
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

__setusermatherr
trunc
round
floor
fmod

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
strlen
wcsncmp
wcslen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_c_exit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
abort
exit
_exit
_register_onexit_function
_initialize_onexit_table
_cexit
__p___argc
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
__p___argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_callnewh
free
_set_new_mode

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

707f1ae5954283d60f5ab76f1e73601b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

comctl32

kernel32

ole32

ws2_32

gdi32

dwmapi

advapi32

shell32

uxtheme

oleaut32

iphlpapi

wlanapi

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 212KB - Virtual size: 212KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 212KB - Virtual size: 212KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 27KB - Virtual size: 26KB