f47ecf7c67145eda1d0b289db22bf541d663113e4274b98eedcd078932a52d92

Sharing

Copy URL

Twitter E-mail

General

Target

f47ecf7c67145eda1d0b289db22bf541d663113e4274b98eedcd078932a52d92
Size

340KB
MD5

e624697f8a273a5f9214364373d713ea
SHA1

784e282d9aa64ea7372a521380800f7de9214ebd
SHA256

f47ecf7c67145eda1d0b289db22bf541d663113e4274b98eedcd078932a52d92
SHA512

89290604bb47c0ced9065bb91f9bc301ff5c86c3958a92fdd9559da475b5dcc79662d7657c93ace8aaf2aec1abb46cf78d83342a4abbf2d606eee8284530ba43
SSDEEP

6144:ezRFgFddI1rJJJ655ZZjxUEucHBG+r55/gdL58KHT30cIoHQNhVBbMULam:S46aBv59gdV8gHQJ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f47ecf7c67145eda1d0b289db22bf541d663113e4274b98eedcd078932a52d92

Files

f47ecf7c67145eda1d0b289db22bf541d663113e4274b98eedcd078932a52d92
.exe windows:4 windows x64 arch:x64

d7926fba8620bcf972a8d82a622dae95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libgcc_s_seh-1

_Unwind_Resume

libstdc++-6

_ZNKSt10filesystem7__cxx114path5_List13_Impl_deleterclEPNS2_5_ImplE
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEcy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5emptyEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6substrEyy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7_M_dataEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEcvSt17basic_string_viewIcS2_EEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEy
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4sizeEv
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7_M_dataEv
_ZNKSt7codecvtIwciE10do_unshiftERiPcS2_RS2_
_ZNKSt7codecvtIwciE11do_encodingEv
_ZNKSt7codecvtIwciE13do_max_lengthEv
_ZNKSt7codecvtIwciE16do_always_noconvEv
_ZNKSt7codecvtIwciE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt7codecvtIwciE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt7codecvtIwciE9do_lengthERiPKcS3_y
_ZNKSt9basic_iosIcSt11char_traitsIcEE5rdbufEv
_ZNKSt9basic_iosIcSt11char_traitsIcEEntEv
_ZNSaIcEC1Ev
_ZNSaIcED1Ev
_ZNSaIcED2Ev
_ZNSaIwEC1Ev
_ZNSaIwED1Ev
_ZNSaIwED2Ev
_ZNSolsEPFRSoS_E
_ZNSolsEl
_ZNSt10filesystem6statusERKNS_7__cxx114pathE
_ZNSt10filesystem7__cxx1116filesystem_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10error_code
_ZNSt10filesystem7__cxx1116filesystem_errorD1Ev
_ZNSt10filesystem7__cxx114path14_M_split_cmptsEv
_ZNSt10filesystem7__cxx114path5_ListC1Ev
_ZNSt13random_device7_M_initERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13random_device9_M_getvalEv
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt14basic_ifstreamIcSt11char_traitsIcEE5closeEv
_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1ERKNSt7__cxx1112basic_stringIcS1_SaIcEEESt13_Ios_Openmode
_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEE5closeEv
_ZNSt14basic_ofstreamIcSt11char_traitsIcEEC1ERKNSt7__cxx1112basic_stringIcS1_SaIcEEESt13_Ios_Openmode
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt15basic_streambufIcSt11char_traitsIcEE5sgetcEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE6sbumpcEv
_ZNSt3_V216generic_categoryEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE11_M_capacityEy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_Alloc_hiderC1EPcRKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_M_local_dataEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_M_set_lengthEy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_S_copy_charsEPcPKcS7_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7_M_dataEPc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEc
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE11_M_capacityEy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE12_Alloc_hiderC1EPwRKS3_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_M_local_dataEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_M_set_lengthEy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_S_copy_charsEPwPKwS7_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE3endEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4backEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5beginEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5clearEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5frontEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6resizeEy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7_M_dataEPw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1EOS4_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1Ev
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEED1Ev
_ZNSt7codecvtIwciEC2Ey
_ZNSt7codecvtIwciED2Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZSt17__throw_bad_allocv
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt24__throw_invalid_argumentPKc
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZdlPvy
_Znwy
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_rethrow
__cxa_throw
__gxx_personality_seh0

kernel32

AllocConsole
CheckRemoteDebuggerPresent
CloseHandle
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
OutputDebugStringA
SetConsoleOutputCP
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
fputc
free
freopen_s
fwrite
localeconv
malloc
memcmp
memcpy
memmove
memset
signal
strerror
strlen
strncmp
strtol
vfprintf
wcscmp
wcslen

shell32

CommandLineToArgvW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 221B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7926fba8620bcf972a8d82a622dae95

Headers

DLL Characteristics

File Characteristics

Imports

libgcc_s_seh-1

libstdc++-6

kernel32

msvcrt

shell32

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 512B - Virtual size: 304B

.rdata Size: 8KB - Virtual size: 8KB

/4 Size: 512B - Virtual size: 4B

.pdata Size: 4KB - Virtual size: 4KB

.xdata Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 236B

/14 Size: 512B - Virtual size: 80B

/29 Size: 4KB - Virtual size: 3KB

/41 Size: 512B - Virtual size: 175B

/55 Size: 512B - Virtual size: 221B

/67 Size: 512B - Virtual size: 119B

.rsrc Size: 82KB - Virtual size: 81KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 512B - Virtual size: 304B

.rdata
Size: 8KB - Virtual size: 8KB

/4
Size: 512B - Virtual size: 4B

.pdata
Size: 4KB - Virtual size: 4KB

.xdata
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 236B

/14
Size: 512B - Virtual size: 80B

/29
Size: 4KB - Virtual size: 3KB

/41
Size: 512B - Virtual size: 175B

/55
Size: 512B - Virtual size: 221B

/67
Size: 512B - Virtual size: 119B

.rsrc
Size: 82KB - Virtual size: 81KB