industroyer | 750cbba9a36859b978bfe5f082be44815027bc74dc2728210abbcba828ce6f56

Sharing

Copy URL

Twitter E-mail

General

Target

750cbba9a36859b978bfe5f082be44815027bc74dc2728210abbcba828ce6f56
Size

624KB
MD5

efc6f1f3bbab26ba2cbdd60ac0eba52e
SHA1

08faebfaed9cab5a1b380e124787e63215b8ef42
SHA256

750cbba9a36859b978bfe5f082be44815027bc74dc2728210abbcba828ce6f56
SHA512

0ae1690be156e26a2da39386f25800b6b7cd4e330c4bd5006943c891c9e840865ce87895624d1f6df0f228ce2ee70de6d400ab1f26746ebed9856bbf14c43025
SSDEEP

12288:CpCB9AVqhPDUHvOdO21ai1m2Y+o1mQR5LaVfnkBUxarLIN8Wah5/wodPdv7PVTFN:Cp12UPQkBUO/B5/lzTVTFH+u

Score

10^/10

industroyer

Malware Config

Signatures

Industroyer 1 IoCs
Contains code associated with parsing industroyer's configuration file.

Processes:

resource yara_rule

sample win_industroyer_w4
Industroyer family
industroyer

resource	yara_rule
sample	win_industroyer_w4

Files

750cbba9a36859b978bfe5f082be44815027bc74dc2728210abbcba828ce6f56
.exe windows x86

469902c5413cba2b13d3e7d2e63a4cc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysFreeString

ws2_32

WSASetLastError
getaddrinfo
WSAStartup
getservbyname
getservbyport
WSACleanup
WSAGetLastError
freeaddrinfo
socket
shutdown
setsockopt
sendto
select
recvfrom
ntohs
listen
inet_addr
htons
htonl
getsockname
getpeername
connect
closesocket
bind
accept
inet_ntoa
gethostbyaddr
gethostbyname

crypt32

CertFreeCertificateContext

secur32

DecryptMessage
EncryptMessage
FreeContextBuffer
QueryCredentialsAttributesA
QueryContextAttributesA
ApplyControlToken
DeleteSecurityContext
InitializeSecurityContextA
AcquireCredentialsHandleA

user32

PostThreadMessageA

kernel32

FreeEnvironmentStringsW
GetOEMCP
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
HeapFree
HeapAlloc
LCMapStringW
CompareStringW
GetTimeFormatW
GetProcessHeap
GetCommandLineW
GetCommandLineA
GetStringTypeW
DeleteFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
GetConsoleCP
WriteFile
ReadConsoleW
GetConsoleMode
GetDateFormatW
SetEndOfFile
GetFileType
CreateDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
GetDriveTypeW
SetConsoleCtrlHandler
GetModuleHandleExW
LoadLibraryExW
WriteConsoleW
HeapSize
MoveFileExW
ExitProcess
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
ReadFile
SetFilePointerEx
CloseHandle
LoadLibraryA
GetModuleHandleA
CreateFileW
SearchPathA
LocalFree
FlushInstructionCache
VirtualProtectEx
VirtualQueryEx
GetCurrentProcess
TerminateProcess
GetThreadSelectorEntry
GetLastError
SetLastError
ReadProcessMemory
WriteProcessMemory
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcess
SetEvent
WaitForSingleObject
GetSystemInfo
CreateEventA
GetLogicalDriveStringsW
GetSystemDirectoryA
GetCurrentDirectoryA
QueryDosDeviceW
OpenProcess
GetVersionExA
GetCurrentProcessId
FormatMessageA
GetSystemTimeAsFileTime
CompareFileTime
DecodePointer
IsDebuggerPresent
Sleep
FormatMessageW
QueryPerformanceCounter
QueryPerformanceFrequency
GetExitCodeProcess
GetEnvironmentStringsW
CreateThread
GetCurrentThreadId
TerminateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
GetStdHandle
CreateSemaphoreA
CreateProcessW
SearchPathW
GetFullPathNameW
GetModuleFileNameW
GetFileAttributesW
MultiByteToWideChar
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
WideCharToMultiByte
FindClose
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
TlsFree
RtlUnwind
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

469902c5413cba2b13d3e7d2e63a4cc9

Headers

File Characteristics

Imports

ole32

oleaut32

ws2_32

crypt32

secur32

user32

kernel32

Sections

.text Size: 495KB - Virtual size: 495KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 7KB - Virtual size: 17KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 495KB - Virtual size: 495KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 7KB - Virtual size: 17KB

.reloc
Size: 24KB - Virtual size: 23KB