Static task
static1
Behavioral task
behavioral1
Sample
Darkpulsar-1.1.0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Darkpulsar-1.1.0.exe
Resource
win10v2004-20220812-en
General
Target: Darkpulsar-1.1.0.sh
Size: 44KB
MD5: 9598ea71e1cbffb5b74582ae028c69b9
SHA1: 8c66244a57363ffc36cd35d701e692aef97a1f8a
SHA256: 978b7341b9a07fb1625d1476fe6455236b386465743d385016a8a60ef34bcc08
SHA512: 109bf19c62d2df28ad9bd6115c75e7a017c338dbf95f2ce4dcc71d9f44737b521f4a1f86767d8ddf6f678d565bf39a583e3bfcf6b0488de297853649843e4958
SSDEEP: 768:o22i9W0yelPKrYIDPm8DLvosND9dAgW2HApM/8:o2/9W0yelPK0ke8Hvvc2t
Malware Config
Signatures
Files
Darkpulsar-1.1.0.sh.exe windows x86
4b44dbf7772d64a142358b09ba5d5ca4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
CreateThread
Sleep
SetEvent
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
CloseHandle
CreateEventA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime
advapi32
CryptEncrypt
CryptGenRandom
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptImportKey
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
tibe-2
TbInitStruct
TbMalloc
TbFreeInt
TbWinsockStartup
TbWinsockCleanup
TbCloseSocket
TbCleanSB
TbSend
TbRecv
TbFreeStructBuffers
TbPutAlign
TbPutStr
TbPutLong
TbPutBuff
TbSetRemoteSocketData
TbRecvBuffer
TbSendBuffer
TbDoSmbPacket
TbPutArg
TbMakeSmbHeader
TbDoSmbNegotiate
TbDoNbtSessionRequest
TbSendTo
TbMakeSocket
trfo-2
TfStrICmp
TfReadFileIntoBuffer
cnli-1
CNESocket_accept
CNESocket_getLocal
CNESocket_listen
CNESocket_create
CNESocket_setBlockingMode
CNESocket_connect
CNESocket_close
CNESocket_getNative
trch-1
Paramchoice_setValue
Parameter_Socket_setValue
Parameter_U8_setValue
Parameter_Buffer_getValue
Params_findParameter
Parameter_LocalFile_getValue
Parameter_String_getValue
Parameter_Boolean_getValue
Paramchoice_getValue
Params_findParamchoice
Parameter_U32_getValue
Parameter_S32_getValue
Parameter_Port_getValue
Parameter_IPv4_getValue
Parameter_S16_getValue
tucl-1
TcLog
ws2_32
ntohs
ntohl
htons
inet_addr
coli-0
mainWrapper
coli_setValidate
coli_setProcess
coli_setCleanup
coli_delete
coli_create
coli_setID
msvcrt
?terminate@@YAXXZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
memset
printf
memcpy
??3@YAXPAX@Z
strncpy
memmove
_purecall
??2@YAPAXI@Z
rand
??1type_info@@UAE@XZ
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
secur32
AcceptSecurityContext
AcquireCredentialsHandleW
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ