268131a73d73dcf0df34d9cc1eac4bb813112881bdd197a1c6a239c6e61d1dfe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

268131a73d73dcf0df34d9cc1eac4bb813112881bdd197a1c6a239c6e61d1dfe.exe
Size

113KB
MD5

1a5ffb78baca4db1f61b9258ac99da0c
SHA1

b77186a246fbb85718ccab65958dd6befcd50799
SHA256

268131a73d73dcf0df34d9cc1eac4bb813112881bdd197a1c6a239c6e61d1dfe
SHA512

2e6b7f47b2e16f53353577d9ef14bb3431bc4be30b4a58b5c6fc412cc514eb06f3b6994d03c091143867b35b4f469c32e4e209d640c6441702ee118c3175e6c4
SSDEEP

3072:3WPDVsdn12o+BC7FtEyi7qusrqhx379dQI+EjXFn3zoMU1CR:3WPD6dn12o+BC7FtEyi7qdqhxLjQ0zok

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
268131a73d73dcf0df34d9cc1eac4bb813112881bdd197a1c6a239c6e61d1dfe.exe

Files

268131a73d73dcf0df34d9cc1eac4bb813112881bdd197a1c6a239c6e61d1dfe.exe
.exe windows:6 windows x64 arch:x64

05f73fe57f833523fe5cd1a97c37405b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

curl_easy_init
curl_easy_strerror
curl_easy_cleanup
curl_easy_setopt
curl_easy_perform

unrar

RARCloseArchive
RARReadHeader
RARProcessFile
RAROpenArchive

kernel32

UnhandledExceptionFilter
RtlVirtualUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
Process32First
SetConsoleTextAttribute
SetConsoleTitleA
SetUnhandledExceptionFilter
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Sleep
K32GetModuleFileNameExA
GetLastError
GetFileAttributesA
Process32Next
CloseHandle
CreateProcessA
CreateDirectoryA
LocalFree
GetCurrentProcess
TerminateProcess
GetStdHandle
IsProcessorFeaturePresent
RtlLookupFunctionEntry
RtlCaptureContext
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteExA

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_join
_Query_perf_counter
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

shlwapi

PathFileExistsA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
_CxxThrowException
__std_exception_copy
__C_specific_handler
memchr
__std_exception_destroy
memset
memmove
memcmp
__current_exception_context
__std_terminate
__current_exception

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_exit
_get_initial_narrow_environment
system
_c_exit
__p___argv
_set_app_type
_seh_filter_exe
abort
_cexit
_beginthreadex
__p___argc
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_crt_atexit
exit
_configure_narrow_argv
_register_onexit_function
terminate
_initterm

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
__stdio_common_vsprintf_s
_pclose
fgetc
fopen
fputc
__p__commode
fgets
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
_popen
setvbuf
fgetpos
fwrite

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-string-l1-1-0

strcmp

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05f73fe57f833523fe5cd1a97c37405b

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

unrar

kernel32

advapi32

shell32

msvcp140

shlwapi

version

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 280B

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 280B