IL_Beta[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

IL_Beta.exe
Size

3.0MB
MD5

d8dfab4fe38c31c0f673c3e96672c65f
SHA1

84764b41c87b9f02e680cd4fe800f9597ddadd59
SHA256

529c86a3a641cebd27567331ab8305827cb79acba5928e8ce04cf7e55e84bf92
SHA512

6ebb50a65af4aa882c9b6c0ef5f5099f8a1306c811091cc777292f4dd10934f02efaa4995f1e580e49a258ea6e1b5afb8166fd751d8fd0f66110d8f8efce35ba
SSDEEP

49152:ILonJif7tAodaOm53wOD9aQHwGRP26r9+OXpFl6JEGmBYFpO6qmyAJhH:IV6z53a4SzRxDJ

Score

N/A

Malware Config

Signatures

Files

IL_Beta.exe
.exe windows x64

a528f3afc13a1f11b481ad804b583a01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysStringLen
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SafeArrayUnaccessData
GetErrorInfo
SysFreeString
VariantClear
SafeArrayDestroy
SafeArrayGetUBound

kernel32

GlobalMemoryStatusEx
ExitProcess
ReadFile
GetTickCount64
CancelIo
GetDiskFreeSpaceExW
CreateEventW
WriteFileEx
CreateThread
CreateNamedPipeW
GetCurrentProcessId
DuplicateHandle
PostQueuedCompletionStatus
CreateProcessW
GetWindowsDirectoryW
FreeLibrary
GetFileAttributesW
GetSystemDirectoryW
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
SleepEx
ReadFileEx
FindClose
CreateDirectoryA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileAttributesExA
GetFileSizeEx
LockFile
RemoveDirectoryA
UnlockFile
InitOnceComplete
GetTempPathA
GetLocalTime
MapViewOfFile
UnmapViewOfFile
FormatMessageA
CreateFileMappingA
QueryPerformanceFrequency
ReplaceFileA
HeapDestroy
HeapCompact
LoadLibraryW
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
CreateMutexW
UnlockFileEx
SetEndOfFile
GetCurrentDirectoryW
SetFilePointer
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
FlushFileBuffers
GetTickCount
CreateFileMappingW
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FindFirstFileW
CreateDirectoryW
FindNextFileW
OpenProcess
SetFilePointerEx
GetFullPathNameW
DeviceIoControl
CreateFileW
MoveFileA
GetModuleFileNameW
GetTempPathW
FormatMessageW
GetModuleHandleW
RtlLookupFunctionEntry
GetSystemInfo
GetEnvironmentVariableW
QueryPerformanceCounter
ReleaseMutex
GetCurrentProcess
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
SetFileCompletionNotificationModes
CreateIoCompletionPort
WriteConsoleW
GetConsoleMode
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
GetStdHandle
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
SwitchToThread
SetHandleInformation
VirtualQueryEx
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
WakeAllConditionVariable
RtlCaptureContext
GetFileInformationByHandle
LocalFree
AcquireSRWLockShared
GetProcessIoCounters
GetSystemTimes
GetProcessTimes
CopyFileExW
GetFullPathNameA
SetFileInformationByHandle
RtlVirtualUnwind
UnhandledExceptionFilter
ReleaseSRWLockShared
WakeConditionVariable
SetUnhandledExceptionFilter
GetExitCodeProcess
WaitForSingleObject
GetOverlappedResult
WaitForMultipleObjects
GetComputerNameExW
TerminateProcess
IsProcessorFeaturePresent
GetFileInformationByHandleEx
SleepConditionVariableSRW
InitializeSListHead
IsDebuggerPresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
GetLastError
DeleteFileW
InitOnceBeginInitialize
ReadProcessMemory
WriteFile

pdh

PdhAddEnglishCounterW
PdhRemoveCounter
PdhCloseQuery
PdhOpenQueryA
PdhCollectQueryData
PdhGetFormattedCounterValue

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertOpenStore
CertDuplicateCertificateChain
CryptUnprotectData
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertDuplicateStore

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx

shell32

ShellExecuteA
CommandLineToArgvW

advapi32

RegCloseKey
RegOpenKeyExW
LookupAccountSidW
RegSetValueExW
SystemFunction036
RegQueryValueExW
GetTokenInformation
OpenProcessToken

user32

EnumDisplaySettingsExW
GetMonitorInfoW
EnumDisplayMonitors

gdi32

DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
CreateDCW
GetDeviceCaps

mfreadwrite

MFCreateSourceReaderFromMediaSource

bcrypt

BCryptGenRandom

ws2_32

recv
WSAIoctl
send
bind
getaddrinfo
ioctlsocket
WSAGetLastError
getpeername
WSASend
shutdown
getsockopt
setsockopt
WSASocketW
connect
WSACleanup
freeaddrinfo
WSAStartup
getsockname
closesocket

ntdll

NtQuerySystemInformation
NtCreateFile
RtlNtStatusToDosError
RtlGetVersion
NtCancelIoFileEx
NtDeviceIoControlFile
NtQueryInformationProcess

mfplat

MFStartup
MFCreateAttributes
MFShutdown

mf

MFEnumDeviceSources

secur32

AcquireCredentialsHandleA
QueryContextAttributesW
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage

iphlpapi

GetIfEntry2

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Cnd_signal
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_sleep
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?uncaught_exception@std@@YA_NXZ

vcruntime140

memset
memmove
memcpy
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcmp
strrchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcmp
strlen
wcslen
strcspn
strncmp
_strdup

api-ms-win-crt-runtime-l1-1-0

_exit
__p___argc
_wassert
_initterm
_get_initial_narrow_environment
_initterm_e
_beginthreadex
_endthreadex
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_set_app_type
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
abort
_crt_atexit
_initialize_onexit_table
_register_onexit_function
terminate
exit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fopen
__stdio_common_vfprintf
__stdio_common_vsprintf
fwrite
__p__commode
fclose
_set_fmode
fflush

api-ms-win-crt-heap-l1-1-0

free
_msize
_callnewh
_set_new_mode
malloc
realloc

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr
log

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 895KB - Virtual size: 895KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a528f3afc13a1f11b481ad804b583a01

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

pdh

crypt32

ole32

shell32

advapi32

user32

gdi32

mfreadwrite

bcrypt

ws2_32

ntdll

mfplat

mf

secur32

iphlpapi

powrprof

psapi

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 895KB - Virtual size: 895KB

.data Size: 25KB - Virtual size: 28KB

.pdata Size: 70KB - Virtual size: 70KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 895KB - Virtual size: 895KB

.data
Size: 25KB - Virtual size: 28KB

.pdata
Size: 70KB - Virtual size: 70KB

.reloc
Size: 20KB - Virtual size: 20KB