RouteGuardPrivate[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RouteGuardPrivate.exe
Size

51.6MB
MD5

fe94be9038797cdcdc26c82c667b12c3
SHA1

28f87f39a247e4345dfdd2d27989249d69c9fc9d
SHA256

e0ca0a34b7853aebc27a13877f230639bf3d8b33bacfaa2717d12108d0f576f8
SHA512

8398fad28199561fddf6f93844fade104926c056a1038b42d96bea11ba1da0ad92741695fb172da881948d6ea1eaa2145d13bafc477f9ae5e5e36f4da7f0aefb
SSDEEP

786432:PjE7Q2xi/aU+pTyX8LQSFkdHYEWrCchBA7fAgOqPxqXg3O1UFk4j7HL3Hme:PEQGiiU+D69YEWrCqBgfqyxqQf7HL3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RouteGuardPrivate.exe

Files

RouteGuardPrivate.exe
.exe windows:6 windows x64 arch:x64

90bcdbe8b830fe0de01469ae66915030

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

ReadProcessMemory
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

ReleaseCapture

advapi32

LookupPrivilegeValueA

libcurl

curl_easy_init

imm32

ImmSetCompositionWindow

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

dwmapi

DwmExtendFrameIntoClientArea

ntdll

NtQuerySystemInformation

dbghelp

ImageDirectoryEntryToData

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception

api-ms-win-crt-stdio-l1-1-0

fsetpos

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LC2
Size: - Virtual size: 32.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.3-j
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.[?4
Size: 51.6MB - Virtual size: 51.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90bcdbe8b830fe0de01469ae66915030

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_43

kernel32

user32

advapi32

libcurl

imm32

msvcp140

dwmapi

ntdll

dbghelp

d3dx11_43

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: - Virtual size: 609KB

.rdata Size: - Virtual size: 301KB

.data Size: - Virtual size: 816KB

.pdata Size: - Virtual size: 26KB

.LC2 Size: - Virtual size: 32.0MB

.3-j Size: 4KB - Virtual size: 4KB

.[?4 Size: 51.6MB - Virtual size: 51.6MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 609KB

.rdata
Size: - Virtual size: 301KB

.data
Size: - Virtual size: 816KB

.pdata
Size: - Virtual size: 26KB

.LC2
Size: - Virtual size: 32.0MB

.3-j
Size: 4KB - Virtual size: 4KB

.[?4
Size: 51.6MB - Virtual size: 51.6MB

.rsrc
Size: 512B - Virtual size: 480B