46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42N

Sharing

Copy URL Twitter E-mail

General

Target

46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42N
Size

30KB
MD5

d52ce75b76e65c1a13e7e0bd3c75a030
SHA1

467114cef4cdd0c2a01e42732fd6a0ed94fef28e
SHA256

46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42
SHA512

ce9bba0f14636eb3a8439a3ec15b8496d60441f3e70ff51e985a0c5d8d07acebc0402e41681500e1a1ffc19fa23275ad52253a7bb26f2572bcbe21fe622d729b
SSDEEP

384:hxM2C97q9/knHbIbWOlCq/KqrMjK3luhTV9gs7JsnthhOfymBBf9I0i58pxEPco/:hY9D7qWOlMAMqmvJsthUfIX8+FIHU4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42N

Files

46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42N
.exe windows:6 windows x64 arch:x64

bc13b83ba6d32a561c8495b72a5e9879

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\Projects\csharp-Apps\stub\x64\Release\stub.pdb

Imports

kernel32

SetLastError
DeviceIoControl
WaitForSingleObject
CreateFileW
GetLastError
OutputDebugStringW
GetSystemInfo
GlobalMemoryStatusEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext

user32

GetSystemMetrics
GetDesktopWindow

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

wininet

HttpSendRequestW
InternetOpenW
InternetConnectW
InternetReadFile
InternetErrorDlg
HttpOpenRequestW
InternetCloseHandle

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__std_exception_copy
__std_exception_destroy
memcmp
memset
__current_exception_context
_CxxThrowException
__std_terminate
__C_specific_handler
memcpy
memmove

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__p__commode
_set_fmode
__acrt_iob_func

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_initterm_e
_initterm
_get_initial_narrow_environment
_exit
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
__p___argv
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
exit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc13b83ba6d32a561c8495b72a5e9879

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

wininet

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 11KB

.pdata Size: 1024B - Virtual size: 996B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 152B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 11KB

.pdata
Size: 1024B - Virtual size: 996B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 152B