New WinRAR archive[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

New WinRAR archive.rar
Size

274KB
MD5

def8242035a545701124a2c0c31de5a3
SHA1

00fcd5f6fa7f95093c6afd40bb30f2ef70ebd232
SHA256

df2f13b9944ef943b274c35758a783927b9fc6eee6d76785ffa64cf49a785abc
SHA512

c98b6a6b0fd7f42425c36535fe18f8204c57f36273b87f1ae1f5cccfe48cf5080a0e7d911ec703370d5a923c74d1bbf670fde91f5560fb6e4eab5dad6b4a9b47
SSDEEP

6144:IX04hA55RStH7SOQf1zYp47AIg3ZM33WU4Q5Vpe5oHEfya+Gidwmw0f4C:AkIbjQ9z6zIgpJ1Q5feQaGdied

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SynapseDowngrader.exe

Files

New WinRAR archive.rar
.rar
SynapseDowngrader.exe
.exe windows:6 windows x64 arch:x64

8db639027d825ac8221b7fcb404ec8c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Visual Studio Shit\SynapseDowngrader\x64\Release\SynapseDowngrader.pdb

Imports

msvcp140

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memset
__std_terminate
strchr
strstr
memcpy
wcschr
__C_specific_handler
memcmp
__std_exception_destroy
__std_exception_copy
strrchr
__current_exception_context
__current_exception
_CxxThrowException
memchr

api-ms-win-crt-stdio-l1-1-0

_wfopen
_set_fmode
__p__commode
__stdio_common_vsprintf
_read
fseek
feof
ftell
_write
_fileno
fputs
_close
_wopen
_lseeki64
fputc
_get_stream_buffer_pointers
__stdio_common_vsscanf
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgets
__acrt_iob_func
fflush
__stdio_common_vfprintf
fgetc
fclose

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
realloc
calloc
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_onexit_table
_register_onexit_function
abort
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_initialize_narrow_environment
__p___argc
__sys_nerr
__sys_errlist
system
_cexit
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_errno
_exit
terminate
_beginthreadex
_set_app_type
exit
__p___argv
_get_initial_narrow_environment
_initterm
_configure_narrow_argv

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wstat64
_unlink
_fstat64
_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

api-ms-win-crt-string-l1-1-0

wcspbrk
strcmp
strspn
_wcsdup
strpbrk
strncmp
wcsncpy
_strdup
strncpy
strcspn
wcsncmp
tolower

api-ms-win-crt-convert-l1-1-0

strtoll
strtoul
strtol
atoi
wcstombs

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

ws2_32

select
connect
recv
getpeername
__WSAFDIsSet
htonl
ioctlsocket
inet_pton
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
inet_ntop
WSAStartup
WSACleanup
htons
socket
bind
recvfrom
sendto
accept
getsockname
listen
getaddrinfo
freeaddrinfo
setsockopt
WSAIoctl
gethostname

crypt32

CertGetNameStringW
CryptQueryObject
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertCreateCertificateChainEngine
CertOpenStore

ntdll

VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

AcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
Sleep
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
CloseHandle
WaitForSingleObjectEx
SleepEx
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
LocalFree
FormatMessageA
GetLocaleInfoEx
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockExclusive

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

Sections

.text
Size: 445KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8db639027d825ac8221b7fcb404ec8c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

crypt32

ntdll

kernel32

advapi32

Sections

.text Size: 445KB - Virtual size: 444KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 445KB - Virtual size: 444KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB