doubleback | 7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c

Sharing

Copy URL

Twitter E-mail

General

Target

7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c
Size

37KB
MD5

86f803bc46706fb543f147ab108cf358
SHA1

4960d039f6e951b6fbb1df04d3d3351d558d29a5
SHA256

7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c
SHA512

ee6200da84267fd32005512eaaab2bce021592d40c9424a443c289ad0769d0b131b5b771e819c6bf42308823bc4f4c9356ae2e541fbaf7fca1e40eccbf32e4f4
SSDEEP

768:RDaQjRnVdElKaY2Ea2jrmMQsk5kpWWuwEygpeNp8ZPmtgyUx6:3FVW3M7dW3FH9OWx

Score

10^/10

doubleback

Malware Config

Signatures

DoubleBack x64 Payload 1 IoCs

Processes:

resource	yara_rule
sample	family_doubleback_x64

Doubleback family
doubleback

Files

7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c
.dll windows x64

334aaafc61c117c1ed56745f0a48ebd9

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileMappingW
MapViewOfFile
FlushFileBuffers
GetProcAddress
GetSystemTime
GlobalSize
GlobalLock
GlobalUnlock
lstrcmpW
CreatePipe
RtlAddFunctionTable
DeleteFileW
RtlDeleteFunctionTable
GetLastError
GetComputerNameW
GetVolumeInformationW
CreateMutexW
OpenMutexW
UnmapViewOfFile
Process32Next
SetHandleInformation
lstrcpyW
GetModuleHandleW
Sleep
QueryFullProcessImageNameA
CreateToolhelp32Snapshot
Process32First
WaitForSingleObject
CreateProcessW
lstrlenW
MultiByteToWideChar
VirtualFree
RtlZeroMemory
GetFileSize
ReadFile
CloseHandle
CreateFileW
OutputDebugStringA
WriteFile
lstrcpyA
lstrlenA
VirtualAlloc

user32

wsprintfW
GetSystemMetrics
ReleaseDC
GetDC
OemToCharBuffA

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

RegQueryValueExW
RegEnumKeyExA
GetTokenInformation
RegQueryValueExA
RegDeleteKeyW
RegDeleteTreeW
RegDeleteValueW
RegEnumValueW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegDeleteValueA
RegOpenKeyExA
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountSidW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

StringFromGUID2
CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoInitialize

ntdll

NtSetContextThread
NtWriteVirtualMemory
NtResumeThread
RtlImageDirectoryEntryToData
NtTerminateThread
NtGetContextThread
NtFreeVirtualMemory
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
ZwReadFile
NtTerminateProcess
NtClose
RtlCreateUserThread
LdrLoadDll
LdrGetDllHandle
LdrGetProcedureAddress
NtAllocateVirtualMemory

wininet

InternetCloseHandle
HttpOpenRequestA
InternetCrackUrlA
InternetSetOptionA
HttpAddRequestHeadersA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetOpenA
HttpQueryInfoA

urlmon

ObtainUserAgentString

gdiplus

GdiplusStartup
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdiplusShutdown

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

334aaafc61c117c1ed56745f0a48ebd9

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

wininet

urlmon

gdiplus

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: - Virtual size: 176B

.pdata Size: 1024B - Virtual size: 732B

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: - Virtual size: 176B

.pdata
Size: 1024B - Virtual size: 732B