887855f410e002dd68f51d31c9ea0a70N

Sharing

Copy URL

Twitter E-mail

General

Target

887855f410e002dd68f51d31c9ea0a70N
Size

1.1MB
MD5

887855f410e002dd68f51d31c9ea0a70
SHA1

d01000c2b604d71bf55ecd4bcd300e27d1fac12c
SHA256

1ef58204e445c22ed52ee2cc104df5f4a61fc741a26e1692ea8ad1a8a2cbe5a4
SHA512

44870d9eadeaa014211af902957f0574f38a5c3d2b516b1bf900c5229c7ff5ea1a8906f5d7a3b5b0fabe2370a27dda10013654b097daf9229b6dd5608f7ce1d6
SSDEEP

12288:qZCm7/pt5xhBQwQ2wA6VWZz7ggLPAPGSu6n+1zLVNKP1MWbO+8QzFsELyxq:wJn/hKwQ2ZB7ggLPAeFc+BLVL+Lyxq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
887855f410e002dd68f51d31c9ea0a70N

Files

887855f410e002dd68f51d31c9ea0a70N
.exe windows:4 windows x64 arch:x64

69dc9e521273f48ff8834d0e74ff4948

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libgcc_s_seh-1

_Unwind_Resume

kernel32

CreateDirectoryW
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_localtime64
_onexit
_vsnprintf
abort
atof
atol
calloc
exit
fclose
fflush
fopen
fprintf
fputc
free
fwrite
getenv
islower
isspace
isupper
localeconv
malloc
memcmp
memcpy
memmove
memset
printf
putchar
puts
signal
strchr
strcmp
strerror
strftime
strlen
strncmp
strncpy
strtol
strtoul
vfprintf

libwinpthread-1

pthread_self

libstdc++-6

_ZNKSt13runtime_error4whatEv
_ZNKSt19__codecvt_utf8_baseIDiE10do_unshiftERiPcS2_RS2_
_ZNKSt19__codecvt_utf8_baseIDiE11do_encodingEv
_ZNKSt19__codecvt_utf8_baseIDiE13do_max_lengthEv
_ZNKSt19__codecvt_utf8_baseIDiE16do_always_noconvEv
_ZNKSt19__codecvt_utf8_baseIDiE5do_inERiPKcS3_RS3_PDiS5_RS5_
_ZNKSt19__codecvt_utf8_baseIDiE6do_outERiPKDiS3_RS3_PcS5_RS5_
_ZNKSt19__codecvt_utf8_baseIDiE9do_lengthERiPKcS3_y
_ZNKSt19__codecvt_utf8_baseIwE10do_unshiftERiPcS2_RS2_
_ZNKSt19__codecvt_utf8_baseIwE11do_encodingEv
_ZNKSt19__codecvt_utf8_baseIwE13do_max_lengthEv
_ZNKSt19__codecvt_utf8_baseIwE16do_always_noconvEv
_ZNKSt19__codecvt_utf8_baseIwE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt19__codecvt_utf8_baseIwE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt19__codecvt_utf8_baseIwE9do_lengthERiPKcS3_y
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt6locale2id5_M_idEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcyy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEcy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5rfindEcy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6substrEyy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEyyRKS4_
_ZNKSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE3strEv
_ZNKSt8__detail20_Prime_rehash_policy11_M_next_bktEy
_ZNKSt8__detail20_Prime_rehash_policy14_M_need_rehashEyyy
_ZNKSt9type_infoeqERKS_
_ZNSi10_M_extractIlEERSiRT_
_ZNSi4readEPcx
_ZNSirsERi
_ZNSo3putEc
_ZNSo5flushEv
_ZNSo5writeEPKcx
_ZNSo9_M_insertImEERSoT_
_ZNSo9_M_insertIyEERSoT_
_ZNSolsEPSt15basic_streambufIcSt11char_traitsIcEE
_ZNSolsEi
_ZNSt11regex_errorD1Ev
_ZNSt12__basic_fileIcED1Ev
_ZNSt12out_of_rangeC1EPKc
_ZNSt12out_of_rangeD1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev
_ZNSt13random_device14_M_init_pretr1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13random_device16_M_getval_pretr1Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt14basic_ifstreamIcSt11char_traitsIcEE5closeEv
_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1EPKcSt13_Ios_Openmode
_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt16invalid_argumentC1EPKc
_ZNSt16invalid_argumentC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt16invalid_argumentD1Ev
_ZNSt19__codecvt_utf8_baseIDiED2Ev
_ZNSt19__codecvt_utf8_baseIwED2Ev
_ZNSt5ctypeIcE2idE
_ZNSt6chrono3_V212system_clock3nowEv
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6localeaSERKS_
_ZNSt6thread20hardware_concurrencyEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE14_M_replace_auxEyyyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6assignEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE8_M_eraseEyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9push_backEc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_replaceEyyPKwy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6resizeEyw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_createERyy
_ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE7_M_syncEPcyy
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEC1ERKNS_12basic_stringIcS2_S3_EESt13_Ios_Openmode
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEC1ESt13_Ios_Openmode
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEC1ESt13_Ios_Openmode
_ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7codecvtIwciEC2Ey
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_base7failureB5cxx11C1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt8ios_base7failureB5cxx11D1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9exceptionD1Ev
_ZNSt9exceptionD2Ev
_ZSt11_Hash_bytesPKvyy
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_range_errorPKc
_ZSt19__throw_regex_errorNSt15regex_constants10error_typeE
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt24__throw_invalid_argumentPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt9terminatev
_ZSt9use_facetINSt7__cxx117collateIcEEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIcEERKT_RKSt6locale
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStrsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_RS3_
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTTNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTTNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEE
_ZTTSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTTSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt11regex_error
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZTVSt9exception
_ZdaPv
_ZdlPv
_ZdlPvy
_Znay
_Znwy
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__dynamic_cast
__gxx_personality_seh0

libggml

ggml_abort
ggml_cpu_has_arm_fma
ggml_cpu_has_avx
ggml_cpu_has_avx2
ggml_cpu_has_avx512
ggml_cpu_has_avx512_vbmi
ggml_cpu_has_avx512_vnni
ggml_cpu_has_avx_vnni
ggml_cpu_has_blas
ggml_cpu_has_cuda
ggml_cpu_has_f16c
ggml_cpu_has_fma
ggml_cpu_has_fp16_va
ggml_cpu_has_gpublas
ggml_cpu_has_kompute
ggml_cpu_has_matmul_int8
ggml_cpu_has_neon
ggml_cpu_has_sse3
ggml_cpu_has_sve
ggml_cpu_has_vsx
ggml_cpu_has_vulkan
ggml_cpu_has_wasm_simd
ggml_free
ggml_get_tensor
ggml_n_dims
ggml_nelements
ggml_threadpool_params_init
ggml_time_ms
ggml_time_us
gguf_free
gguf_get_n_tensors
gguf_get_tensor_name
gguf_init_from_file

libllama

_Z27llama_sample_token_with_rngP13llama_contextP22llama_token_data_arrayRSt23mersenne_twister_engineIjLy32ELy624ELy397ELy31ELj2567483615ELy11ELj4294967295ELy7ELj2636928640ELy15ELj4022730752ELy18ELj1812433253EE
llama_backend_free
llama_backend_init
llama_batch_get_one
llama_chat_apply_template
llama_context_default_params
llama_control_vector_apply
llama_decode
llama_detokenize
llama_encode
llama_free
llama_free_model
llama_get_logits_ith
llama_get_model
llama_grammar_accept_token
llama_grammar_copy
llama_grammar_free
llama_grammar_init
llama_grammar_sample
llama_kv_cache_clear
llama_load_model_from_file
llama_lora_adapter_clear
llama_lora_adapter_init
llama_lora_adapter_set
llama_max_devices
llama_model_decoder_start_token
llama_model_default_params
llama_model_has_decoder
llama_model_has_encoder
llama_n_ctx
llama_n_layer
llama_n_vocab
llama_new_context_with_model
llama_numa_init
llama_print_system_info
llama_reset_timings
llama_sample_apply_guidance
llama_sample_entropy
llama_sample_min_p
llama_sample_repetition_penalties
llama_sample_softmax
llama_sample_tail_free
llama_sample_temp
llama_sample_token_greedy
llama_sample_token_mirostat
llama_sample_token_mirostat_v2
llama_sample_top_k
llama_sample_top_p
llama_sample_typical
llama_supports_gpu_offload
llama_supports_mlock
llama_supports_mmap
llama_synchronize
llama_token_bos
llama_token_eos
llama_token_nl
llama_token_to_piece
llama_tokenize

Sections

.text
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69dc9e521273f48ff8834d0e74ff4948

Headers

File Characteristics

Imports

libgcc_s_seh-1

kernel32

msvcrt

libwinpthread-1

libstdc++-6

libggml

libllama

Sections

.text Size: 480KB - Virtual size: 480KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 65KB - Virtual size: 65KB

.pdata Size: 9KB - Virtual size: 8KB

.xdata Size: 34KB - Virtual size: 33KB

.bss Size: - Virtual size: 5KB

.idata Size: 18KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

/4 Size: 512B - Virtual size: 80B

/19 Size: 8KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 329B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 155B

.text
Size: 480KB - Virtual size: 480KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 65KB - Virtual size: 65KB

.pdata
Size: 9KB - Virtual size: 8KB

.xdata
Size: 34KB - Virtual size: 33KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 18KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 512B - Virtual size: 80B

/19
Size: 8KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 329B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 155B