rust-dave-sideload[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

rust-dave-sideload.zip
Size

1.1MB
MD5

e2e78b15bc4bac9a659ccbef10e261b2
SHA1

679e64d03ab32227e1b2573035352f3ca8fa165c
SHA256

6f095907a58ecff4d78e0aa3ce1f8a8202354fda9feb8f91cfef40c92c1672e5
SHA512

1169e4c8e206c3eb6a3f08a3ac1417c9d6c0d9de8e23d91a19d0ed9342822467cbd14605e8d7a76996a6f309e8031d7892603a569c3eea741c3bc41b92e972ec
SSDEEP

24576:HqYdst6ezpgwdmrixQULBlq7/R8EA3qS926aKvEG1TNnIIZEkmzDwY:InRQri+ULm7/R8b92SMG7IVkm/n

Score

1^/10

Malware Config

Signatures

Files

rust-dave-sideload.zip
.zip
OneDrive.exe
.exe windows:6 windows x64 arch:x64

4f6a6d8af79b59898a82d86c7ec5a7eb

Code Sign

33:00:00:05:4e:12:b9:0a:00:7b:12:49:99:00:00:00:00:05:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:50

Not After

16-10-2024 19:50

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:a6:e9:3a:20:da:6d:26:7c:d7:19:f8:86:1e:77:02:2d:6f:85:6a:f2:91:75:ca:66:28:1d:05:78:40:a0:82
Signer

Actual PE Digest

d1:a6:e9:3a:20:da:6d:26:7c:d7:19:f8:86:1e:77:02:2d:6f:85:6a:f2:91:75:ca:66:28:1d:05:78:40:a0:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dbs\sh\odct\0202_163225_0\client\onedrive\Product\UX\Exe\obj\amd64\OneDrive.pdb

Imports

kernel32

GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetVolumePathNameW
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
GetCompressedFileSizeW
FindFirstFileNameW
IsDebuggerPresent
SetHandleInformation
CreatePipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeviceIoControl
IsWow64Process
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
ReadDirectoryChangesW
CreateSymbolicLinkW
CompareStringOrdinal
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
MoveFileExW
ReplaceFileW
GetComputerNameW
RegisterApplicationRestart
GetFileInformationByHandleEx
OpenFileById
GetDllDirectoryW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
GetFileSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileW
FindFirstFileExW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
CreateFileW
CreateDirectoryW
SetThreadInformation
GetSystemTimes
SetProcessShutdownParameters
GetExitCodeProcess
GetProcessTimes
WaitForMultipleObjects
CreateEventW
ReleaseMutex
GetLongPathNameW
SetLastError
VerifyVersionInfoW
GetProductInfo
VerSetConditionMask
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
K32GetModuleFileNameExW
GetUserDefaultLCID
GetUserGeoID
LCIDToLocaleName
SystemTimeToFileTime
MoveFileW
LocalAlloc
GetModuleFileNameW
GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
OpenProcess
TerminateProcess
GetCurrentProcess
CreateMutexW
WaitForSingleObject
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
FindFirstFileW
FindClose
InitializeCriticalSectionEx
DeleteFileW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
CreateProcessW
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
SetDllDirectoryW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
DeleteCriticalSection
DecodePointer
GetLastError
SetEnvironmentVariableW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetLocaleInfoEx
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW

user32

RegisterClipboardFormatW
PostMessageW
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SystemParametersInfoW
SendMessageTimeoutW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
RegisterClassW
SetClipboardData
CloseClipboard
OpenClipboard
CreateWindowExW
DestroyWindow
ShowWindow

advapi32

RegisterServiceCtrlHandlerW
AdjustTokenPrivileges
CreateProcessWithTokenW
GetUserNameW
SetFileSecurityW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteTreeW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegDeleteKeyExW
RegCreateKeyTransactedW
GetAclInformation
FreeSid
DuplicateTokenEx
CreateWellKnownSid
AllocateAndInitializeSid
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegGetValueW
RegSetKeyValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken

shell32

CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHChangeNotify
SHParseDisplayName
ShellExecuteExW
SHCreateItemFromParsingName
SHAssocEnumHandlers
SHCreateDirectoryExW
SHGetFolderPathW
SHGetFolderPathAndSubDirW
SHSetKnownFolderPath
ord526

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CreateBindCtx
CoCreateGuid
CoInitializeEx
CoSetProxyBlanket
CreateItemMoniker
GetRunningObjectTable

oleaut32

LoadTypeLi
LoadRegTypeLi
GetRecordInfoFromTypeInfo

crypt32

CertFindExtension
CryptStringToBinaryW
CryptBinaryToStringW

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingVectorFree
RpcStringBindingComposeW
RpcStringFreeW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
RpcBindingSetAuthInfoExW
RpcEpRegisterW
RpcEpUnregister
RpcServerInqCallAttributesW

secur32

GetUserNameExW

shlwapi

PathStripPathW
PathIsDirectoryW
PathFileExistsW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
StrStrIW
SHCreateStreamOnFileW
AssocQueryStringW
SHRegGetBoolUSValueW
SHRegGetPathW
SHRegGetValueW
SHSetValueW
SHGetValueA
SHDeleteValueW
SHDeleteKeyW
PathIsPrefixW
SHRegGetUSValueW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetCheckConnectionW
InternetCanonicalizeUrlW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock
GetDefaultUserProfileDirectoryW

Sections

.text
Size: 646KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VERSION.dll
.dll windows:6 windows x64 arch:x64

42096025e642a83340d077a0db9d9a7b

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-03-2021 00:00

Not After

05-06-2024 23:59

Subject

CN=Micro-Star International CO.\, LTD.,O=Micro-Star International CO.\, LTD.,L=Zhonghe District,ST=New Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:87:ba:3f:0c:32:d0:14:91:17:a4:fd:d0:ff:37:7b:59:c7:c1:6a
Signer

Actual PE Digest

ad:87:ba:3f:0c:32:d0:14:91:17:a4:fd:d0:ff:37:7b:59:c7:c1:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rust_dave_sideload.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

kernel32

HeapSize
GetStringTypeW
SetStdHandle
CloseHandle
GetProcAddress
GetNativeSystemInfo
VirtualQuery
VirtualAlloc
VirtualFree
VirtualProtect
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
SetThreadStackGuarantee
GetCurrentThread
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
Sleep
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
SetFilePointerEx
GetStdHandle
GetCurrentProcessId
SetHandleInformation
WriteFileEx
SleepEx
TerminateProcess
HeapFree
lstrlenW
ReleaseMutex
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
CopyFileExW
ReadFile
GetConsoleMode
GetFileType
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
RtlUnwind
CreateThread
GetFullPathNameW
GetModuleHandleA
GetProcessHeap
HeapAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetConsoleOutputCP
WriteFile
HeapReAlloc
ReadConsoleW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
InterlockedFlushSList
RaiseException
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

ws2_32

listen
bind
getaddrinfo
WSASocketW
WSAGetLastError
freeaddrinfo
WSACleanup
WSAStartup
closesocket
accept

Exports

Exports

DllMain
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f6a6d8af79b59898a82d86c7ec5a7eb

Code Sign

33:00:00:05:4e:12:b9:0a:00:7b:12:49:99:00:00:00:00:05:4eCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

d1:a6:e9:3a:20:da:6d:26:7c:d7:19:f8:86:1e:77:02:2d:6f:85:6a:f2:91:75:ca:66:28:1d:05:78:40:a0:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

rpcrt4

secur32

shlwapi

version

wininet

wtsapi32

userenv

Sections

.text Size: 646KB - Virtual size: 646KB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 17KB - Virtual size: 28KB

.pdata Size: 28KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 6KB - Virtual size: 6KB

42096025e642a83340d077a0db9d9a7b

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75Certificate

Extended Key Usages

Key Usages

ad:87:ba:3f:0c:32:d0:14:91:17:a4:fd:d0:ff:37:7b:59:c7:c1:6aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

bcrypt

advapi32

ntdll

ws2_32

Exports

Exports

Sections

.text Size: 341KB - Virtual size: 341KB

.rdata Size: 434KB - Virtual size: 433KB

.data Size: 89KB - Virtual size: 94KB

.pdata Size: 17KB - Virtual size: 16KB

.reloc Size: 7KB - Virtual size: 6KB

33:00:00:05:4e:12:b9:0a:00:7b:12:49:99:00:00:00:00:05:4e
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

d1:a6:e9:3a:20:da:6d:26:7c:d7:19:f8:86:1e:77:02:2d:6f:85:6a:f2:91:75:ca:66:28:1d:05:78:40:a0:82
Signer

.text
Size: 646KB - Virtual size: 646KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 6KB - Virtual size: 6KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:88:60:32:86:1d:95:53:c6:8f:80:33:13:a9:89:75
Certificate

ad:87:ba:3f:0c:32:d0:14:91:17:a4:fd:d0:ff:37:7b:59:c7:c1:6a
Signer

.text
Size: 341KB - Virtual size: 341KB

.rdata
Size: 434KB - Virtual size: 433KB

.data
Size: 89KB - Virtual size: 94KB

.pdata
Size: 17KB - Virtual size: 16KB

.reloc
Size: 7KB - Virtual size: 6KB