af865b2f9bc9acf1362aa311611e47b1c9aad80ad449f599e3830c9fe2aa77e9

Sharing

Copy URL

Twitter E-mail

General

Target

af865b2f9bc9acf1362aa311611e47b1c9aad80ad449f599e3830c9fe2aa77e9
Size

2.1MB
MD5

dce268ea5538f054d64c824ff93db0fb
SHA1

727d9c5c22f9a7fc86871d1ccbd2943d5051068c
SHA256

af865b2f9bc9acf1362aa311611e47b1c9aad80ad449f599e3830c9fe2aa77e9
SHA512

895955d89a483f028ceeae6539d778c4d0d0a4e042309aeee6de8b4da97e10ece3c7adbed4446523bbf98de3fcef968b6af90494ac6fde9589aa001807e45fbe
SSDEEP

24576:s/QMtTC2Zf+l3ZfGqxkm1DZIUfRS9kAxhx3pY+rckCD/:sfV0vTDZODzeT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af865b2f9bc9acf1362aa311611e47b1c9aad80ad449f599e3830c9fe2aa77e9

Files

af865b2f9bc9acf1362aa311611e47b1c9aad80ad449f599e3830c9fe2aa77e9
.exe windows:6 windows x86 arch:x86

3421c6dabff90ccbd1b6ac95201e9f16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Repos\jx1-vs2022\Sources\MultiServer\Goddess\Debug\Goddess.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
Sleep
TerminateThread
MultiByteToWideChar
CreateThread
SuspendThread
ResumeThread
GetSystemTime
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
SetEndOfFile
CreateFileW
GetLastError
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapQueryInformation
HeapSize
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CloseHandle
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
SetConsoleCtrlHandler
OutputDebugStringA
SetEvent
ResetEvent
CreateEventA
PulseEvent
CreateDirectoryA
CreateFileA
GetFileAttributesA
GetFileSize
WriteFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetCurrentDirectoryA
GetCurrentThreadId
GetModuleFileNameA
FormatMessageA
GetComputerNameA
WideCharToMultiByte
LocalFree
GetLocaleInfoEx
EncodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetStartupInfoW
GetModuleHandleW
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
HeapValidate
GetSystemInfo
GetDriveTypeW
GetFullPathNameW
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
GetCurrentThread
DecodePointer

user32

MessageBeep
wsprintfA
UnregisterClassA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
PostMessageA
IsDialogMessageA
SetWindowTextA
UpdateWindow
EnableWindow
KillTimer
SetTimer
IsDlgButtonChecked
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
CreateDialogParamA
ShowWindow
DestroyWindow
IsWindow
PostQuitMessage

comdlg32

GetOpenFileNameA

libdb62d

ord2
ord3

ws2_32

gethostname
gethostbyname

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

GetUserNameA

Sections

.textbss
Size: - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3421c6dabff90ccbd1b6ac95201e9f16

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

libdb62d

ws2_32

version

advapi32

Sections

.textbss Size: - Virtual size: 831KB

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 285KB - Virtual size: 284KB

.data Size: 10KB - Virtual size: 752KB

.idata Size: 6KB - Virtual size: 6KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 58KB - Virtual size: 57KB

.textbss
Size: - Virtual size: 831KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 285KB - Virtual size: 284KB

.data
Size: 10KB - Virtual size: 752KB

.idata
Size: 6KB - Virtual size: 6KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 58KB - Virtual size: 57KB