alterware_launcher.pdb
Static task
static1
Behavioral task
behavioral1
Sample
alterware-launcher.exe
Resource
win10-20240404-en
General
Target
alterware-launcher.exe
Size
2.7MB
MD5
4af0f95919968b3532fd5109f1e6fee6
SHA1
bdd35631146d1cc10f43374a14dc3d9c80168d37
SHA256
743db4f06c2d37ec3a1a5bc9869266638544b9acf24e1403e7776c1dff357284
SHA512
c3292412774dbb72132803786e7f30b6b87f976660b34fe78aca2222080acdefde9d44484914bdc889a79ef0e22582b6752b1f170b9067926c4b562dee1d763a
SSDEEP
49152:QTnKYBANPY2maIwCnY73C6YV0EoViMYdxHqPljH2mQtvt1w:Dv9jAtV1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource alterware-launcher.exe
Files
alterware-launcher.exe.exe windows:6 windows x64 arch:x64
b427525049d549a0fb53625f032e4804
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressSingle
WaitOnAddress
WakeByAddressAll
kernel32
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
FormatMessageW
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
LoadLibraryExA
RtlUnwindEx
GetLastError
SetFileCompletionNotificationModes
EncodePointer
RaiseException
GetStdHandle
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandleEx
GetCurrentThreadId
SetConsoleTextAttribute
HeapFree
HeapAlloc
GetTimeZoneInformationForYear
Sleep
GetModuleHandleA
GetProcAddress
GetProcessHeap
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
IsProcessorFeaturePresent
SetFileInformationByHandle
GetCurrentProcessId
WriteFileEx
SleepEx
TerminateProcess
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapReAlloc
lstrlenW
ReleaseMutex
FindNextFileW
FindClose
GetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
CopyFileExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
GetModuleHandleW
SetCurrentDirectoryW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetFullPathNameW
GetTempPathW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
TlsGetValue
TlsSetValue
GetExitCodeProcess
TlsFree
FreeLibrary
SetHandleInformation
ExitProcess
CreateProcessA
LocalFree
DeleteFileW
WaitForSingleObject
LoadLibraryExW
GetCommandLineW
GetModuleFileNameW
DuplicateHandle
GetCurrentProcess
CreateFileW
CloseHandle
GetSystemInfo
RtlPcToFileHeader
shell32
ShellExecuteExW
CommandLineToArgvW
ole32
CoInitializeEx
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ws2_32
connect
bind
WSASocketW
getpeername
getsockname
ioctlsocket
recv
send
WSASend
getsockopt
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
closesocket
getaddrinfo
shutdown
secur32
FreeContextBuffer
InitializeSecurityContextW
QueryContextAttributesW
EncryptMessage
ApplyControlToken
AcceptSecurityContext
DeleteSecurityContext
FreeCredentialsHandle
DecryptMessage
AcquireCredentialsHandleA
crypt32
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
oleaut32
SysStringLen
SysFreeString
ntdll
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
api-ms-win-crt-convert-l1-1-0
_wtoi64
api-ms-win-crt-string-l1-1-0
wcsncmp
strcpy_s
api-ms-win-crt-math-l1-1-0
truncf
trunc
ceil
pow
__setusermatherr
round
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
__p___argc
_seh_filter_exe
_set_app_type
__p___argv
_cexit
_exit
_configure_narrow_argv
_initialize_onexit_table
exit
_register_onexit_function
_crt_atexit
terminate
_initterm_e
abort
_initterm
_initialize_narrow_environment
_get_initial_narrow_environment
_c_exit
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
malloc
calloc
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 779KB - Virtual size: 778KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ