74cd7d5fcfe549b943c2c06e8e267920N

Sharing

Copy URL Twitter E-mail

General

Target

74cd7d5fcfe549b943c2c06e8e267920N
Size

568KB
MD5

74cd7d5fcfe549b943c2c06e8e267920
SHA1

7e4156eb3662a05179e4bf3901a66dfe57c1862b
SHA256

f7efd2ddee759566a77de0572d7cd43abd2e673c1a3ae260f9b69d8790259e81
SHA512

dfffd9a297a64c70b7c34905959ff83b5603c3d757598d3044db925206404450c14ae23703d389c6476de6d5340b69e622c1959382ab2a6eb5fc3e00b8fabe99
SSDEEP

12288:6Ob8WMccvGtM7EpMCawtgrvqGlLJDaclUCjR:6ODWEpMCaH1ZX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74cd7d5fcfe549b943c2c06e8e267920N

Files

74cd7d5fcfe549b943c2c06e8e267920N
.exe windows:6 windows x64 arch:x64

188912c25c2eec475e7266dd8e6de3df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BUILD_STAGING\WhiteRabbit\PlatypusDst\ProxyT\TandemRunner\Release\x64\TandemRunner.pdb

Imports

kernel32

FindFirstVolumeW
GetVolumeInformationW
CopyFileA
Process32FirstW
GetCurrentThread
WideCharToMultiByte
InitializeCriticalSectionEx
GetThreadPriority
GetCurrentProcessId
CreateMutexW
FindFirstFileW
CreateProcessW
SystemTimeToFileTime
MoveFileExW
GetCurrentProcess
WaitForSingleObject
OpenProcess
GetExitCodeProcess
Beep
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
FindClose
GetLocalTime
LoadLibraryA
LocalAlloc
RemoveDirectoryW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
LocalFree
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetSystemInfo
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
SetFilePointerEx
VerifyVersionInfoW
GetVersionExW
GetModuleHandleW
VerSetConditionMask
FindVolumeClose
GlobalFree
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetWindowsDirectoryA
LockResource
MultiByteToWideChar
SizeofResource
InitializeCriticalSectionAndSpinCount
GetPriorityClass
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
FreeLibrary
CloseHandle
DeviceIoControl
GetProcAddress
GetCurrentDirectoryW
GetLastError
CreateFileW
SetFilePointer
GetStringTypeW
GetFileType
SetConsoleCtrlHandler
LoadLibraryExW
FatalAppExitA
DeleteCriticalSection
ReadConsoleW
GetConsoleMode
GetConsoleCP
RaiseException
RtlPcToFileHeader
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CopyFileW
Sleep
LoadLibraryW
GetSystemDirectoryW
SetStdHandle
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSize
GetCurrentThreadId
GetCPInfo
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetSystemTimeAsFileTime
VirtualAlloc
VirtualProtect
VirtualQuery
ReadFile
GetCommandLineA
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
HeapDestroy

user32

GetWindow
FlashWindow
IsWindow
ShowWindow
GetDesktopWindow
GetDC
GetParent
GetWindowTextLengthW
CloseWindow
SetForegroundWindow
AnimateWindow
GetForegroundWindow
IsWindowVisible
MessageBoxW
DrawIcon
EnableWindow
FindWindowW

gdi32

GetPixel

advapi32

OpenProcessToken
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
ConvertSidToStringSidW
GetLengthSid
IsValidSid
CopySid
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
ControlService
QueryServiceStatusEx
StartServiceW
OpenServiceW

ole32

CoCreateGuid
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

winhttp

WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

userenv

UnloadUserProfile

ws2_32

WSACleanup
WSAStartup
gethostbyname

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

188912c25c2eec475e7266dd8e6de3df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

winhttp

iphlpapi

userenv

ws2_32

Sections

.text Size: 331KB - Virtual size: 331KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 7KB - Virtual size: 17KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 331KB - Virtual size: 331KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 7KB - Virtual size: 17KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 6KB - Virtual size: 6KB