c58fbc7729154b16e8fc09db95f0bdc0N

Sharing

Copy URL

Twitter E-mail

General

Target

c58fbc7729154b16e8fc09db95f0bdc0N
Size

4.0MB
MD5

c58fbc7729154b16e8fc09db95f0bdc0
SHA1

a99be27fae5d198676c0317018531b80ffbd8cfb
SHA256

856692c7ed1e4cb0bfc46001ed20960d92500de4183254b9e7323018e4836713
SHA512

7c10f31cba0077a0e311b7ef945b9be4d13e9307321d6b0e00072a7ff49d39c4429e56c4b222d1f65cafbc7f6d24a7668ac4498836feb17ccba4ec15d52fe51b
SSDEEP

49152:LMtA2rcw1HVQj1rY2I+/tKpmZ5GuxRQGrCuu9w2DluMy7J4ylRe30jaNf1TWbdz:LGA2Qw5A1rYQK4xEuU023W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c58fbc7729154b16e8fc09db95f0bdc0N

Files

c58fbc7729154b16e8fc09db95f0bdc0N
.exe windows:6 windows x64 arch:x64

71cc03cbc053620d48e08b459f0abeda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\bin\x64\Release\wslg.pdb

Imports

kernel32

GetCurrentProcess
ExitProcess
GetExitCodeProcess
GetCurrentThread
GetSystemDirectoryW
GetModuleFileNameW
LocalFree
VerifyVersionInfoW
GetConsoleMode
SetConsoleCtrlHandler
CreatePseudoConsole
ClosePseudoConsole
FlushConsoleInputBuffer
GetConsoleScreenBufferInfoEx
K32GetModuleFileNameExW
DuplicateHandle
SetHandleInformation
ConnectNamedPipe
GetOverlappedResult
CancelIoEx
WaitForMultipleObjects
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
AllocConsole
AttachConsole
SetConsoleTitleW
GetPackagesByPackageFamily
MultiByteToWideChar
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFinalPathNameByHandleW
GetFullPathNameW
GetTempFileNameW
SetFileAttributesW
SetFileInformationByHandle
GetTempPathW
GetComputerNameExA
FindStringOrdinal
LocalAlloc
GetFileInformationByHandleEx
GetUserPreferredUILanguages
SetFilePointer
UpdateProcThreadAttribute
SetThreadDescription
CreateJobObjectW
AssignProcessToJobObject
CreateEventExW
FreeLibrary
LoadLibraryW
GetCurrentPackageId
GetPackageFamilyName
K32EnumProcesses
GetConsoleCP
GetConsoleOutputCP
SetConsoleMode
SetConsoleCP
SetConsoleOutputCP
GetConsoleScreenBufferInfo
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
LoadLibraryExW
PeekConsoleInputW
SetProcessMitigationPolicy
Sleep
WriteConsoleW
SetConsoleCursorPosition
RaiseException
TerminateProcess
ReadProcessMemory
ResizePseudoConsole
ResetEvent
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEndOfFile
SetEnvironmentVariableW
GetCommandLineA
HeapSize
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetEvent
CreateNamedPipeW
WriteFile
RemoveDirectoryW
GetFileType
DeleteFileW
CreateFileW
CreateDirectoryW
SetCurrentDirectoryW
GetStdHandle
VerSetConditionMask
GetCommandLineW
WideCharToMultiByte
FormatMessageW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
CloseHandle
DecodePointer
OutputDebugStringW
IsDebuggerPresent
DebugBreak
SetInformationJobObject
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetStdHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
InitOnceExecuteOnce
LCMapStringEx
EncodePointer
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceComplete
InitOnceBeginInitialize
CreateSymbolicLinkW
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
SetFileTime
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindFirstFileExW
GetStringTypeW
GetLocaleInfoEx
FormatMessageA
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread

user32

UnregisterClassW
MessageBoxW

shell32

SHGetKnownFolderPath
CommandLineToArgvW
ShellExecuteExW

ole32

CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoUninitialize
CoCreateFreeThreadedMarshaler
CoImpersonateClient
CoInitializeSecurity
CoCreateInstance
CoRevertToSelf
CoGetCallContext

advapi32

EventWriteTransfer
EventWriteEx
EventSetInformation
EventUnregister
EventRegister
LookupPrivilegeValueW
SetTokenInformation
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
DuplicateTokenEx
CreateRestrictedToken
CheckTokenMembership
AdjustTokenPrivileges
SetThreadToken
RegDeleteTreeW
RegSetKeyValueW
RegDeleteKeyValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
ReportEventW
ConvertSidToStringSidW
RegOpenCurrentUser
CreateProcessAsUserW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegGetValueW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenThreadToken
OpenProcessToken

ws2_32

send
WSAStartup
ioctlsocket
setsockopt
WSAGetOverlappedResult
WSAGetLastError
WSASend
bind
listen
WSAIoctl
WSASocketW
shutdown
WSARecv
InetNtopW
closesocket

userenv

GetUserProfileDirectoryW
CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchRemoveFileSpec

ntdll

RtlEthernetStringToAddressW
NtCreateFile
NtDeviceIoControlFile
NtQueryInformationProcess
RtlInitUnicodeString
NtQueryInformationFile
NtSetInformationFile
NtQueryEaFile
ZwQueryKey
RtlInitializeSidEx
NtOpenFile
NtCreateNamedPipeFile
NtClose
NtWaitForSingleObject
NtCreateEvent
NtReadFile
RtlIpv4AddressToStringA
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringW
RtlIpv6AddressToStringA
RtlIpv6AddressToStringW
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtWriteFile
NtCancelIoFileEx

rpcrt4

UuidFromStringW
RpcRevertToSelf
RpcImpersonateClient

mswsock

AcceptEx

shlwapi

PathUnquoteSpacesW
PathIsRelativeW

wintrust

WinVerifyTrust

msi

ord88
ord16
ord137
ord141
ord169

oleaut32

SysFreeString
SetErrorInfo
GetErrorInfo
SysStringLen
SysAllocString

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71cc03cbc053620d48e08b459f0abeda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

advapi32

ws2_32

userenv

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-path-l1-1-0

ntdll

rpcrt4

mswsock

shlwapi

wintrust

msi

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 67KB - Virtual size: 85KB

.pdata Size: 71KB - Virtual size: 70KB

_RDATA Size: 1024B - Virtual size: 640B

.rsrc Size: 65KB - Virtual size: 64KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 67KB - Virtual size: 85KB

.pdata
Size: 71KB - Virtual size: 70KB

_RDATA
Size: 1024B - Virtual size: 640B

.rsrc
Size: 65KB - Virtual size: 64KB

.reloc
Size: 592KB - Virtual size: 596KB