C:\Users\shelu\Desktop\ez\nevermiss\FatNiggasEverywhere\santo\build\santo.pdb
Static task
static1
1 signatures
General
-
Target
RKU+free.exe
-
Size
2.2MB
-
MD5
1d259bfff20fca225dba52eeca3104e8
-
SHA1
3369a244a33c8ef2f49f6d80e23e5d6c7f2b9d24
-
SHA256
fa277754eaa04bdf3e94d2a097eca9da627169ae3fc2ba019b3da6f30857463e
-
SHA512
67da7c62dad7a3d69f2ec6a321200e9c5cebcfbabb4e7f8eff43a05eb22ca3eb212e6a6534a43d812b570923e7bc45b1a807a4b19e7e526103db3a77d507ddd8
-
SSDEEP
49152:tt351NJ97b7b7bq/TtE0qzDg1hXnLUZHRKttY+z+4y5PnL1dxhVQcmYDE:tZNCtNqvZxKttYN/PnL1ZVF
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RKU+free.exe
Files
-
RKU+free.exe.exe windows:6 windows x64 arch:x64
8d6309606132bc304aef242385f3cfce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
winmm
PlaySoundA
kernel32
WideCharToMultiByte
GlobalUnlock
GetTickCount
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetFileSizeEx
ReadFile
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
Sleep
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GlobalFree
GetModuleHandleW
GetCurrentThreadId
lstrcmpiA
InitializeSListHead
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
CloseHandle
Process32Next
GlobalLock
GlobalAlloc
MultiByteToWideChar
IsDebuggerPresent
TerminateThread
GetTempPathW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
CreateFileA
CreateToolhelp32Snapshot
CreateFileW
GetCurrentProcess
GetCurrentProcessId
Process32First
GetProcAddress
GetModuleHandleA
LoadLibraryExA
VirtualAlloc
DeviceIoControl
VirtualFree
SetConsoleTitleA
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
user32
GetForegroundWindow
DispatchMessageA
GetWindowRect
DestroyWindow
GetSystemMetrics
ShowWindow
SetWindowLongA
SetWindowDisplayAffinity
GetMonitorInfoA
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
MonitorFromWindow
SendInput
MessageBoxA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetDC
FindWindowA
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
SetProcessDPIAware
GetClientRect
SetCursor
SetCapture
GetKeyboardLayout
TrackMouseEvent
GetAsyncKeyState
ScreenToClient
GetCapture
ClientToScreen
gdi32
GetPixel
CreateSolidBrush
advapi32
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
shell32
ShellExecuteA
SHGetFolderPathW
msvcp140
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Mtx_lock
_Query_perf_counter
_Mtx_unlock
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Thrd_detach
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Xtime_get_ticks
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
ntdll
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
dbghelp
ImageDirectoryEntryToData
ImageRvaToVa
ImageNtHeader
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
d3dcompiler_43
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__intrinsic_setjmp
__current_exception_context
__current_exception
memcmp
memchr
memset
memmove
memcpy
strstr
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
strrchr
longjmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
_fseeki64
__p__commode
ungetc
__stdio_common_vsscanf
fsetpos
_wfopen
setvbuf
fgetpos
__stdio_common_vsprintf
ftell
_get_stream_buffer_pointers
ferror
fopen
__acrt_iob_func
fflush
fgetc
fclose
__stdio_common_vsnprintf_s
_set_fmode
clearerr
fputc
fread
feof
_lseek
fwrite
_fileno
_open
fgets
_write
_close
_setmode
__stdio_common_vfprintf
fseek
_read
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
free
_callnewh
api-ms-win-crt-math-l1-1-0
acosf
cosf
sinf
sqrtf
atan2f
_dsign
fmodf
__setusermatherr
ceilf
powf
fminf
api-ms-win-crt-convert-l1-1-0
strtoll
strtol
strtoull
atof
strtod
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
_mkdir
api-ms-win-crt-locale-l1-1-0
localeconv
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-runtime-l1-1-0
_errno
terminate
_beginthreadex
perror
abort
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_c_exit
__p___argc
__p___argv
exit
api-ms-win-crt-string-l1-1-0
strncpy
tolower
strncmp
strcmp
_stricmp
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
rand
api-ms-win-crt-time-l1-1-0
_time64
strftime
_localtime64
Exports
Exports
OPENSSL_Applink
Sections
.text Size: 950KB - Virtual size: 949KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 271KB - Virtual size: 271KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1015KB - Virtual size: 1023KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ