3c0ca116d663d33eee3aed74fd1e2f11c8a4667792a01e80db89638d985d8cebN

Sharing

Copy URL Twitter E-mail

General

Target

3c0ca116d663d33eee3aed74fd1e2f11c8a4667792a01e80db89638d985d8cebN
Size

4.1MB
MD5

d54bdabff3c554add1b249da2aa472e0
SHA1

a48073db551c389a7bb592b44a9f14ea85538d28
SHA256

3c0ca116d663d33eee3aed74fd1e2f11c8a4667792a01e80db89638d985d8ceb
SHA512

328db3c6b9492d6f8c1f3a7ad6c0c4266ced3109c7d2bf978563dd18728be0ed433611f2a53fdf4b7d0e3c1dad037a6cfabb38fb96ab0613ab3d87759eb73bdb
SSDEEP

49152:/eEM2GIpqSLVT7j/jXW3ZZDK0gn+JOPjlfuVADmg27RnWGj:dM2BpFLVOZD8huAD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c0ca116d663d33eee3aed74fd1e2f11c8a4667792a01e80db89638d985d8cebN

Files

3c0ca116d663d33eee3aed74fd1e2f11c8a4667792a01e80db89638d985d8cebN
.exe windows:6 windows x64 arch:x64

681a899305bbd8514e1ba15dc4bc473c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\__w\1\s\bin\x64\Release\wslg.pdb

Imports

kernel32

ExitProcess
GetExitCodeProcess
GetCurrentThread
GetSystemDirectoryW
GetModuleFileNameW
LocalFree
VerifyVersionInfoW
FreeConsole
AttachConsole
GetConsoleMode
SetConsoleCtrlHandler
FlushConsoleInputBuffer
K32GetModuleFileNameExW
DuplicateHandle
SetHandleInformation
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
CancelIoEx
WaitForMultipleObjects
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
GetDynamicTimeZoneInformation
GetUserDefaultGeoName
AllocConsole
SetConsoleTitleW
GetPackagesByPackageFamily
MultiByteToWideChar
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFinalPathNameByHandleW
GetFullPathNameW
GetTempFileNameW
SetFileAttributesW
SetFileInformationByHandle
GetTempPathW
GetComputerNameExA
FindStringOrdinal
LocalAlloc
GetFileInformationByHandleEx
GetUserPreferredUILanguages
SetThreadDescription
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
FreeLibrary
LoadLibraryW
GetCurrentPackageId
GetPackageFamilyName
GetCurrentProcess
GetConsoleCP
GetConsoleOutputCP
SetConsoleMode
SetConsoleCP
SetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
ReadFile
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
CreatePipe
LoadLibraryExW
PeekConsoleInputW
SetProcessMitigationPolicy
Sleep
SetFilePointer
UpdateProcThreadAttribute
WriteConsoleW
SetConsoleCursorPosition
RaiseException
TerminateProcess
ReadProcessMemory
CreatePseudoConsole
ResizePseudoConsole
ClosePseudoConsole
ResetEvent
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEndOfFile
SetEnvironmentVariableW
GetCommandLineA
HeapSize
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetFileSizeEx
FlushFileBuffers
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CreateEventExW
SetEvent
WriteFile
RemoveDirectoryW
GetFileType
DeleteFileW
CreateFileW
CreateDirectoryW
SetCurrentDirectoryW
GetStdHandle
VerSetConditionMask
GetCommandLineW
WideCharToMultiByte
FormatMessageW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
CloseHandle
DecodePointer
OutputDebugStringW
DebugBreak
IsDebuggerPresent
K32EnumProcesses
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
VirtualProtect
IsThreadAFiber
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetStdHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
InitOnceExecuteOnce
LCMapStringEx
EncodePointer
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceComplete
InitOnceBeginInitialize
CreateSymbolicLinkW
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
SetFileTime
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindFirstFileExW
GetStringTypeW
GetLocaleInfoEx
FormatMessageA
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread

user32

MessageBoxW
UnregisterClassW

shell32

SHGetKnownFolderPath
CommandLineToArgvW
ShellExecuteExW

ole32

CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoImpersonateClient
CoCreateFreeThreadedMarshaler
CoRevertToSelf
CoInitializeSecurity
CoGetCallContext
CoCreateInstance
CoUninitialize

advapi32

CreateProcessAsUserW
LookupPrivilegeValueW
SetTokenInformation
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
DuplicateTokenEx
CreateRestrictedToken
CheckTokenMembership
AdjustTokenPrivileges
RegDeleteTreeW
RegSetKeyValueW
RegDeleteKeyValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
ReportEventW
ConvertSidToStringSidW
RegOpenCurrentUser
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetThreadToken
EventWriteEx
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
RegGetValueW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenThreadToken
OpenProcessToken

ws2_32

closesocket
InetNtopW
setsockopt
WSAGetOverlappedResult
WSAGetLastError
WSASend
bind
listen
WSAIoctl
WSASocketW
WSARecv
WSAStartup
shutdown
ioctlsocket

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryW
DestroyEnvironmentBlock

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathAllocCombine

ntdll

RtlInitUnicodeString
NtQueryInformationFile
NtSetInformationFile
NtQueryEaFile
NtOpenFile
NtDeviceIoControlFile
ZwQueryKey
RtlInitializeSidEx
NtClose
NtWaitForSingleObject
NtCreateEvent
NtReadFile
NtWriteFile
NtCancelIoFileEx
RtlCaptureContext
RtlLookupFunctionEntry
NtCreateFile
NtQueryInformationProcess
RtlEthernetStringToAddressW
RtlIpv6StringToAddressW
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlUnwind
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
NtCreateNamedPipeFile
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlIpv4StringToAddressW

rpcrt4

UuidFromStringW
RpcImpersonateClient
RpcRevertToSelf

mswsock

AcceptEx

shlwapi

PathUnquoteSpacesW
PathIsRelativeW

icu

u_UCharsToChars
u_errorName
ucal_getTimeZoneIDForWindowsID

wintrust

WinVerifyTrust

msi

ord141
ord137
ord169
ord16
ord88

oleaut32

GetErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

681a899305bbd8514e1ba15dc4bc473c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

advapi32

ws2_32

userenv

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-path-l1-1-0

ntdll

rpcrt4

mswsock

shlwapi

icu

wintrust

msi

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 68KB - Virtual size: 86KB

.pdata Size: 73KB - Virtual size: 72KB

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 65KB - Virtual size: 64KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 68KB - Virtual size: 86KB

.pdata
Size: 73KB - Virtual size: 72KB

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 65KB - Virtual size: 64KB

.reloc
Size: 592KB - Virtual size: 596KB