3037ef4125a97bb2061b1e8b9a916896584e48852fb533a83b88711b8fb921c6

Sharing

Copy URL Twitter E-mail

General

Target

3037ef4125a97bb2061b1e8b9a916896584e48852fb533a83b88711b8fb921c6
Size

725KB
MD5

384c2dfc3ed390b8147deaa20f0f1231
SHA1

0437a8935c08c40a031434c7dd2653913ea92769
SHA256

3037ef4125a97bb2061b1e8b9a916896584e48852fb533a83b88711b8fb921c6
SHA512

de46cfe81de92c06f2ec76d81dc016bd9168412caf0581a0bcbc9068527daa87c5af8bce8917ebc2121f7d771f24d2211b3d88631633add7e83be2d6b2babae3
SSDEEP

12288:Y1lh0pJ6USuA6qHXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DX:YipJZCHsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3037ef4125a97bb2061b1e8b9a916896584e48852fb533a83b88711b8fb921c6

Files

3037ef4125a97bb2061b1e8b9a916896584e48852fb533a83b88711b8fb921c6
.exe windows:6 windows x64 arch:x64

d975c2c3c5293a2210024c5a20dba029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\MouriNaruto\NSudoPrivate\Source\Native\Output\Binaries\Release\x64\NSudoLC.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
GetConsoleOutputCP
LoadResource
GetProcAddress
FreeLibrary
WideCharToMultiByte
SleepEx
QueryPerformanceCounter
RtlLookupFunctionEntry
ReadFile
GetFileInformationByHandleEx
SizeofResource
GetCurrentProcessId
DeleteCriticalSection
GetLocalTime
WaitForSingleObjectEx
ResumeThread
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
SetPriorityClass
GetModuleHandleW
GetProcessHeap
HeapAlloc
CloseHandle
GetThreadUILanguage
GetLastError
CreateFileW
SetThreadUILanguage
WriteFile
GetStdHandle
GetCommandLineW
SetLastError
HeapFree
FindResourceExW
GetModuleHandleExW
ExitProcess
Sleep
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
EncodePointer
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
RtlCaptureContext

advapi32

GetTokenInformation
AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx

ole32

CoInitializeEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

msvcrt

_callnewh
_initterm
_initterm_e
_set_fmode
abort
_errno
strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
?terminate@@YAXXZ
__getmainargs
_environ
_msize
_XcptFilter
__set_app_type
__argc
__argv
?_set_new_mode@@YAHH@Z
_commode
___lc_codepage_func
ceil
log10
realloc
_clearfp
malloc
free
strncmp
_wcsicmp
strrchr
memmove
__DestructExceptionObject
_amsg_exit
memset
__C_specific_handler
_CxxThrowException
wcsstr
wcsrchr
_wcsnicmp
memcpy
memcmp

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d975c2c3c5293a2210024c5a20dba029

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

userenv

wtsapi32

msvcrt

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 568KB - Virtual size: 572KB