rusty-psn[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rusty-psn.exe
Size

15.3MB
MD5

8a57b8663ae43e05b608b47734f406d3
SHA1

6169ebdbebed3261d0ab43b70963d227eac14b71
SHA256

ae692ef33cb147ca525211cd7add32d30299de4c38d471a70099bb7dc6832d28
SHA512

22140394c4d47a34509253455ea8576a8c6a72ac8d2ca0647c65d9f8660e15da75c041d47aaf4c414432509dbc936bb7bc8550f91800f8f82de81d8bdabcdbb4
SSDEEP

196608:UX++flEwIurx1QWwAldtw/B1RbRNK5KI2HHBPBg4RxTBNHCQ1ETD4Xw:Uu4lE769twZ1RbuAIgHB5gsTNp1ETD4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rusty-psn.exe

Files

rusty-psn.exe
.exe windows:6 windows x64 arch:x64

17f27b233865fbb6ab0505ee70633c3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rusty_psn.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WakeByAddressSingle
WaitOnAddress

kernel32

GlobalUnlock
GlobalSize
GlobalLock
RtlVirtualUnwind
LoadLibraryW
LoadLibraryExW
GetSystemTimeAsFileTime
GetModuleFileNameW
SetThreadErrorMode
InitializeSListHead
IsDebuggerPresent
FreeLibrary
WaitForSingleObject
WideCharToMultiByte
UnhandledExceptionFilter
GetCurrentThread
SetUnhandledExceptionFilter
GetProcessHeap
HeapFree
HeapAlloc
CloseHandle
CreateMutexA
WaitForSingleObjectEx
GetFullPathNameW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetLastError
CreateProcessW
GetWindowsDirectoryW
LoadLibraryA
GetSystemDirectoryW
GlobalAlloc
ReadFileEx
CreateNamedPipeW
ExitProcess
GetModuleHandleW
GetFileType
GetFinalPathNameByHandleW
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FormatMessageW
GetFileInformationByHandle
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
DuplicateHandle
GetCurrentProcess
SetFileInformationByHandle
GetCommandLineW
GlobalFree
lstrlenW
MultiByteToWideChar
LoadLibraryExA
GetProcAddress
GetEnvironmentVariableW
GetFileAttributesW
GetCurrentThreadId
Sleep
GetModuleHandleA
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemInfo
QueryPerformanceCounter
SetWaitableTimer
IsProcessorFeaturePresent
CreateWaitableTimerExW
SetHandleInformation
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetTimeZoneInformationForYear
CreateFileW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetConsoleMode
GetConsoleMode
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus

ole32

CoUninitialize
CoInitializeEx
OleInitialize
CoIncrementMTAUsage
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
RevokeDragDrop

user32

GetWindowRect
GetKeyboardLayout
IsProcessDPIAware
SetForegroundWindow
SendInput
MapVirtualKeyW
GetWindowTextW
GetWindowTextLengthW
GetSystemMenu
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
SystemParametersInfoA
SetWindowLongPtrW
DestroyIcon
ValidateRect
CreateIcon
ReleaseCapture
ShowCursor
RegisterWindowMessageA
KillTimer
SetTimer
GetMessageW
GetClipCursor
DefWindowProcW
GetWindowLongPtrW
ClipCursor
IsIconic
GetWindowLongW
RemovePropW
SetPropW
CallWindowProcW
AdjustWindowRectEx
GetPropW
RegisterRawInputDevices
GetRawInputData
DestroyWindow
GetKeyboardState
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetAsyncKeyState
GetKeyState
ReleaseDC
ShowWindow
FlashWindowEx
MapVirtualKeyExW
SetWindowLongW
SetCapture
ToUnicodeEx
SetCursorPos
ClientToScreen
GetMenu
GetForegroundWindow
GetClassInfoExW
GetClassNameW
PostMessageW
CloseClipboard
GetDC
SetClipboardData
EmptyClipboard
CreateIconFromResourceEx
SendMessageW
GetActiveWindow
GetClipboardData
SetWindowDisplayAffinity
OpenClipboard
EnableMenuItem
RegisterTouchWindow
GetSystemMetrics
CreateWindowExW
RegisterClassExW
InvalidateRgn
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
DispatchMessageW
TranslateMessage
PeekMessageW
GetClientRect
RedrawWindow
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
TrackMouseEvent
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
MonitorFromRect
SetCursor
LoadCursorW

shell32

DragQueryFileW
SHCreateItemFromParsingName
DragFinish
SHGetKnownFolderPath

ws2_32

freeaddrinfo
getaddrinfo
WSAGetLastError
getsockname
getpeername
WSASocketW
bind
connect
shutdown
recv
send
WSASend
WSACleanup
WSAStartup
setsockopt
closesocket
WSAIoctl
getsockopt
ioctlsocket

advapi32

SystemFunction036
RegQueryValueExW
RegOpenKeyExW
ImpersonateAnonymousToken
RevertToSelf
RegCloseKey

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
RtlGetVersion
NtCreateFile
NtWriteFile
NtReadFile
NtDeviceIoControlFile

oleaut32

SysAllocStringLen
SafeArrayCreateVector
GetErrorInfo
SafeArrayPutElement
SetErrorInfo
SysFreeString
SysStringLen

gdi32

SwapBuffers
CreateRectRgn
GetDeviceCaps
DeleteObject
DescribePixelFormat
ChoosePixelFormat
SetPixelFormat

dwmapi

DwmEnableBlurBehindWindow

opengl32

wglShareLists
wglCreateContext
wglGetCurrentDC
wglMakeCurrent
wglDeleteContext
wglGetCurrentContext
wglGetProcAddress

shlwapi

AssocQueryStringW

uiautomationcore

UiaReturnRawElementProvider
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent
UiaHostProviderFromHwnd
UiaGetReservedNotSupportedValue
UiaLookupId

uxtheme

SetWindowTheme

imm32

ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetContext
ImmAssociateContextEx
ImmSetCandidateWindow
ImmReleaseContext

bcrypt

BCryptGenRandom

vcruntime140

memcmp
__current_exception_context
__current_exception
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
memmove
memcpy
memset

api-ms-win-crt-math-l1-1-0

ceil
sinf
pow
sin
powf
_hypotf
cosf
roundf
fmod
exp2f
acosf
log
truncf
cbrtf
__setusermatherr
round
floor
trunc
floorf
cos
atan2f
ceilf
expf

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-runtime-l1-1-0

_cexit
__p___argv
__p___argc
strerror
_exit
exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_initterm_e
terminate
_register_onexit_function
_crt_atexit
_c_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17f27b233865fbb6ab0505ee70633c3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

ole32

user32

shell32

ws2_32

advapi32

api-ms-win-core-winrt-l1-1-0

ntdll

oleaut32

gdi32

dwmapi

opengl32

shlwapi

uiautomationcore

uxtheme

imm32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rdata Size: 8.8MB - Virtual size: 8.8MB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 272KB - Virtual size: 271KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.rdata
Size: 8.8MB - Virtual size: 8.8MB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 272KB - Virtual size: 271KB

.reloc
Size: 43KB - Virtual size: 43KB