diamondfox | new[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

new.exe
Size

204KB
MD5

c967f5dec6b865b96fc2d2bd1e6b4198
SHA1

43b08a681af8f9b4d3a55993151a1a92d47826c1
SHA256

0355b561e5952f8392e7b2bedcf5b18a169f95aeb7ea44d75ba1082664a63173
SHA512

7c15efc4919cfe6b53dbc2b486970d834d6acd293a02c1572e79294e6b06f893f152caaf485bbc56029570f1af1bd04686b1216411c0002c4ecac2d0ab2753f0

Score

10^/10

infostealer diamondfox

Malware Config

Signatures

DiamondFox payload 1 IoCs

Detects DiamondFox payload in file/memory.

infostealer

resource	yara_rule
sample	diamondfox

Diamondfox family
diamondfox

Files

new.exe
.exe windows x86

8316bcd12417e59032ab566efaeaa8d5

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
wcslen
wcscpy
wcscat
wcscmp
memmove
wcschr
_CIlog
floor
ceil
_CIpow
strstr
strlen
_strnicmp
strcmp
strncpy
strcpy
sprintf
_wcsicmp
tolower
wcsncpy
fabs
malloc
free
fseek
ftell
fread
fclose
pow
??3@YAXPAX@Z
wcsncmp
wcsstr
_wcsnicmp
_wcsdup
_isnan
_vsnwprintf
cos
fmod
sin
abs

kernel32

GetModuleHandleW
HeapCreate
CreateMutexW
GetLastError
HeapDestroy
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
CloseHandle
GetTickCount
LoadLibraryW
GetDiskFreeSpaceExW
GetSystemPowerStatus
CreateProcessW
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
GetModuleFileNameW
VirtualFree
VirtualAlloc
FreeLibrary
VirtualProtect
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
HeapFree
PeekNamedPipe
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
HeapReAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
GetProcAddress
Sleep
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameW
CreateDirectoryW
SetFileAttributesW
CopyFileW
DeleteFileW
GetTempPathW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
WriteFile
CreateFileW
SetFilePointer
GetFileSize
WideCharToMultiByte
GetVersionExW
MultiByteToWideChar
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdiplusStartup
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

GetSystemMetrics
GetCursorPos
GetDC
ReleaseDC
DestroyIcon
FillRect
CharUpperW
CharLowerW
GetIconInfo
DrawIconEx

gdi32

BitBlt
GetObjectType
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
DeleteDC
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetStockObject
GetDIBits
CreateDCW
GetDeviceCaps
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateFontIndirectW
GetTextMetricsW
CreateCompatibleBitmap
GetPixel

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

wsock32

closesocket
WSACleanup
WSAStartup

winmm

timeBeginPeriod

shlwapi

PathFileExistsW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

ntdll

ZwUnmapViewOfSection

setupapi

IsUserAdmin

urlmon

URLDownloadToFileW

wininet

InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetGetConnectedState

Sections

.yo
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8316bcd12417e59032ab566efaeaa8d5

Code Sign

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

advapi32

shell32

wsock32

winmm

shlwapi

ole32

ntdll

setupapi

urlmon

wininet

Sections

.yo Size: 38KB - Virtual size: 37KB

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 14KB - Virtual size: 17KB

.text Size: 1024B - Virtual size: 1024B

.yo
Size: 38KB - Virtual size: 37KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 14KB - Virtual size: 17KB

.text
Size: 1024B - Virtual size: 1024B