doubleback | 99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1

Sharing

Copy URL

Twitter E-mail

General

Target

99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1
Size

33KB
MD5

1aeecb2827babb42468d8257aa6afdeb
SHA1

653f6938e5521cf70596fc4a3f1d8c8eef21959a
SHA256

99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1
SHA512

846874d5488fe6aebe39f7c84cdf43bb3af418835bf3bc87a0a799c108d4966121a46a5e8f5d17bd98e5fb376d09169de48e7ea1129dd1b3df72b4508dff9f4c
SSDEEP

768:WKydBQh5PbYHNta3y5FH/to6vm6z8SW9Etuqv79peSKjSmCNX:I6Pul5p/to6OeMv+5NX

Score

10^/10

doubleback

Malware Config

Signatures

DoubleBack x64 Payload 1 IoCs

Processes:

resource	yara_rule
sample	family_doubleback_x64

Doubleback family
doubleback

Files

99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1
.dll windows x64

1e757709ceb1787cc53882e57b128e4c

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateToolhelp32Snapshot
Process32Next
UnmapViewOfFile
DeleteFileW
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
GetProcAddress
GetSystemTime
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
Process32First
RtlAddFunctionTable
RtlDeleteFunctionTable
GetComputerNameA
GetVolumeInformationW
CreateMutexW
GetLastError
OpenMutexW
GetCurrentDirectoryA
CreatePipe
QueryFullProcessImageNameA
WaitForSingleObject
CreateProcessA
CreateProcessW
SetHandleInformation
lstrcpyW
GetModuleHandleW
Sleep
GlobalFree
MultiByteToWideChar
lstrlenW
RtlZeroMemory
VirtualFree
GetFileSize
ReadFile
GetCurrentProcessId
LocalFree
CloseHandle
lstrcmpA
GetCurrentThreadId
CreateFileW
LocalAlloc
OutputDebugStringA
WriteFile
lstrcpyA
lstrlenA
VirtualAlloc
lstrcmpW

user32

GetSystemMetrics
ReleaseDC
GetDC
wsprintfA
wsprintfW

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

RegQueryValueExW
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
RegDeleteKeyW
RegDeleteTreeW
RegDeleteValueW
RegEnumValueW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
GetUserNameA
GetSidSubAuthority
GetSidSubAuthorityCount
OpenProcessToken

shell32

SHGetSpecialFolderPathW

ole32

StringFromGUID2
CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoInitialize

ntdll

LdrLoadDll
NtWriteVirtualMemory
NtResumeThread
RtlImageDirectoryEntryToData
NtTerminateThread
LdrGetDllHandle
LdrGetProcedureAddress
NtGetContextThread
NtFreeVirtualMemory
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
NtAllocateVirtualMemory
ZwReadFile
NtTerminateProcess
NtClose
RtlCreateUserThread
NtSetContextThread

crypt32

CryptBinaryToStringA

wininet

InternetCloseHandle
HttpQueryInfoA
HttpOpenRequestA
InternetCrackUrlA
InternetSetOptionA
HttpAddRequestHeadersA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetOpenA

urlmon

ObtainUserAgentString

gdiplus

GdiplusShutdown
GdiplusStartup
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipDisposeImage

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e757709ceb1787cc53882e57b128e4c

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

crypt32

wininet

urlmon

gdiplus

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: - Virtual size: 176B

.pdata Size: 1024B - Virtual size: 588B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: - Virtual size: 176B

.pdata
Size: 1024B - Virtual size: 588B