PegasusLoader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f.exe
Resource
win10v2004-20241007-en
General
-
Target
f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f.exe
-
Size
68.2MB
-
MD5
0aa16448350af6191bc2640eb7ee065f
-
SHA1
3369c07295be33a6cae2ae3e0d27613484cb2b1a
-
SHA256
f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f
-
SHA512
ff6f42f28fc272c3fffcc3881869c2a2c14f6c98e9b9b4abc41f5b509e24fe4130c0ad67e426a27f27fa386b8774a3f629ffbbc456d8c1273914b6323544a702
-
SSDEEP
393216:QeO5SoCqeodARSqJP1bmrdO9QNQMdrVFSBdMvfqee4e6yWmFWk:QeOPeCqJ1mZO98Q6rVFSBdMHqee4eb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE image lacks an Authenticode signature; the sample's main executable matched (it carries no embedded signature). Absence of a signature is not by itself evidence of malicious intent and should be weighed together with the import set and the behavioral tasks above.
resource f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f.exe
Files
-
f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f.exe.exe windows:6 windows x64 arch:x64
d82e1572519b104f9f07c85dd2639c74
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressAll
WaitOnAddress
WakeByAddressSingle
kernel32
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
CloseHandle
GetCurrentProcess
DuplicateHandle
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
LoadLibraryExA
FreeLibrary
CreateEventW
SetHandleInformation
WaitForSingleObject
GetProcessHeap
IsProcessorFeaturePresent
HeapAlloc
HeapFree
GetLastError
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
GetTempPathW
CreateThread
WideCharToMultiByte
CreateIoCompletionPort
WriteConsoleW
GetQueuedCompletionStatusEx
MultiByteToWideChar
UpdateProcThreadAttribute
SetFileCompletionNotificationModes
InitializeProcThreadAttributeList
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
Sleep
CreateFileW
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
VirtualQueryEx
GetCurrentProcessId
ExitProcess
GetProcessTimes
GetModuleFileNameW
GetConsoleMode
GetSystemInfo
GlobalMemoryStatusEx
GetSystemTimes
GetDiskFreeSpaceA
K32GetPerformanceInfo
GetExitCodeProcess
CancelIo
GetFinalPathNameByHandleW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetFileInformationByHandle
GetProcessIoCounters
FindClose
FormatMessageW
FindNextFileW
ReleaseMutex
ReadProcessMemory
lstrlenW
HeapReAlloc
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
TerminateProcess
SetFileInformationByHandle
GetSystemTimePreciseAsFileTime
GetStdHandle
WriteFileEx
SleepEx
QueryPerformanceFrequency
crypt32
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptUnprotectData
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
oleaut32
SysStringLen
SysAllocStringLen
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
GetErrorInfo
VariantClear
SafeArrayDestroy
ole32
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
powrprof
CallNtPowerInformation
bcrypt
BCryptGenRandom
advapi32
IsValidSid
GetLengthSid
CopySid
SystemFunction036
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ws2_32
ioctlsocket
connect
shutdown
recv
getsockopt
bind
getaddrinfo
send
WSASend
setsockopt
WSAIoctl
WSACleanup
WSASocketW
getpeername
getsockname
WSAStartup
WSAGetLastError
socket
closesocket
freeaddrinfo
secur32
InitializeSecurityContextW
AcquireCredentialsHandleA
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
EncryptMessage
DecryptMessage
FreeCredentialsHandle
AcceptSecurityContext
FreeContextBuffer
ntdll
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlGetVersion
NtWriteFile
NtQueryInformationProcess
NtReadFile
NtDeviceIoControlFile
NtQuerySystemInformation
pdh
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryA
psapi
GetModuleFileNameExW
GetProcessMemoryInfo
shell32
CommandLineToArgvW
vcruntime140
__current_exception
__C_specific_handler
_CxxThrowException
memset
memmove
memcmp
memcpy
__CxxFrameHandler3
__current_exception_context
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
api-ms-win-crt-string-l1-1-0
wcslen
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-math-l1-1-0
__setusermatherr
pow
api-ms-win-crt-runtime-l1-1-0
_seh_filter_exe
_exit
_set_app_type
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_get_initial_narrow_environment
_initterm
terminate
_initialize_onexit_table
exit
_register_onexit_function
_crt_atexit
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64.7MB - Virtual size: 64.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 170KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ