metastealer | avast_update[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

avast_update.bin
Size

1.6MB
MD5

b284363026bd2eef844085d6826d63ed
SHA1

94143d6470da270fc2a623c264ea1b939fa0ad58
SHA256

71e54b829631b93adc102824a4d3f99c804581ead8058b684df25f1c9039b738
SHA512

efcc636c53d7989ecf93e21dc5e8fbfa3017c45ac675c00b2cee68178f255b2a877f15ac8358019301dfbb2c742f515b978df84785d76b2cbdabc38b5cf46e70
SSDEEP

49152:QybnrP/RDYb/hAd4rCPvgB2Wfo3Hhu3UrslmU/xtBYDddLK4:QybnrPG/cxvgeu3eslmUZtB

Score

10^/10

metastealer

Malware Config

Extracted

Family

metastealer

193.106.191.162:1775

Signatures

Metastealer family
metastealer

Files

avast_update.bin
.dll windows x86

18ca6460a15d549bcee0a10763402dc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData

gdiplus

GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipAlloc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCloneImage
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdipFree

shlwapi

ord12

kernel32

ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEnvironmentVariableW
DeleteCriticalSection
GetCurrentThreadId
GetEnvironmentVariableW
CreatePipe
PeekNamedPipe
TerminateProcess
GetExitCodeProcess
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
OpenProcess
GetWindowsDirectoryW
GetModuleHandleA
K32GetModuleFileNameExW
SetLastError
QueryPerformanceFrequency
CreateDirectoryW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
HeapFree
GetStringTypeW
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetStdHandle
WriteConsoleW
FindClose
FindFirstFileExW
FindNextFileW
FreeEnvironmentStringsW
TryEnterCriticalSection
GetFileInformationByHandleEx
CopyFileW
SetFilePointerEx
SetFileInformationByHandle
GetFinalPathNameByHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SwitchToThread
InitializeSRWLock

user32

PrintWindow
MoveWindow
GetWindowPlacement
IsWindowVisible
GetKeyState
IsWindowEnabled
MenuItemFromPoint
PostMessageW
DispatchMessageW
ReleaseDC
GetWindowRect
ScreenToClient
ChildWindowFromPoint
PtInRect
GetWindowLongW
TranslateMessage
SendMessageW
GetForegroundWindow
CreateDesktopW
OpenDesktopW
SetThreadDesktop
PeekMessageW
GetDC
WindowFromPoint
SetWindowLongW
RealGetWindowClassW
SetProcessDPIAware
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetWindowThreadProcessId
GetTopWindow
FindWindowW
GetParent
GetDesktopWindow
CloseDesktop

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantInit
VariantClear

advapi32

RegGetValueW
RegCreateKeyExW
RegCloseKey
GetUserNameW

ws2_32

closesocket
connect
getnameinfo
ioctlsocket
getpeername
getsockopt
ntohs
recv
select
__WSAFDIsSet
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
WSASocketW
getaddrinfo
freeaddrinfo
send

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

18ca6460a15d549bcee0a10763402dc5

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

gdiplus

shlwapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

ws2_32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 193KB - Virtual size: 192KB

.data Size: 29KB - Virtual size: 38KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 193KB - Virtual size: 192KB

.data
Size: 29KB - Virtual size: 38KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 54KB - Virtual size: 53KB