scriptwa shitty offset dumper[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

scriptwa shitty offset dumper.exe
Size

102KB
MD5

9a2db050839dd2611c59bc383eee77e6
SHA1

36d20e41a133c6110211dd465fc3d1655589d228
SHA256

6ec9f57e630cc0bf39ca491f84cc5225a8eaa21f736a7fd7e2dcb875e0158839
SHA512

41ec8b23a702eb288c2795d7da147b2c4aa230e4ac292851e516714d4775ed6b3a86ff1027be4bc5c006754d40837860f03f3fefed843f6a2113764655ab3e77
SSDEEP

1536:9jG1wC9Y+nfDvjyAPzHbmz9lYZ8AYzX2COqRI8n5tr9KW:9jg79Y2DvrYAiXlFREW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
scriptwa shitty offset dumper.exe

Files

scriptwa shitty offset dumper.exe
.exe windows:6 windows x64 arch:x64

d14acbbfca12276c5339d75a3a57bd9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Kulle\Desktop\scriptwa shitty offset dumper\x64\Release\scriptwa shitty offset dumper.pdb

Imports

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?good@ios_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Xlength_error@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_function_call@std@@YAXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcpy
__current_exception
memcmp
__current_exception_context
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

_dsign
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
strtod

api-ms-win-crt-stdio-l1-1-0

_popen
__stdio_common_vsprintf
_set_fmode
fgets
_pclose
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_initialize_onexit_table
_register_onexit_function
_errno
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
SetUnhandledExceptionFilter

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d14acbbfca12276c5339d75a3a57bd9c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 192B