bot[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bot.exe
Size

3.5MB
MD5

8e578a48bf9fb14d9e95208f9e8035fb
SHA1

d4be87d36fe193bba20a4119c6ae98b130425387
SHA256

a078db90b43d3a1145b70a90166f5755becdff775effa51a5e6ff7d78b90445b
SHA512

8f806823ab8356d615fd27018ebe7c526109d4707438e8a6cde517c64893871c609d90898b04ecd8030a8e774235ced088dfed47dccee952e25f11fa658b2f14
SSDEEP

49152:RdmewWZABq6S5ZGbX9UO/NdecJM4xO3chIOxfgmIaI8frfjPnUu+kxZ0/xn6URQz:bP3WI1kUllRQZFKuq/g

Score

N/A

Malware Config

Signatures

Files

bot.exe
.exe windows x64

76d54f82b6bc7a6102c359d4bfdb1752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCancelIoFileEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
VerSetConditionMask

advapi32

SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReadConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
GetStdHandle
GetConsoleMode
SetConsoleMode
VerifyVersionInfoW
lstrlenW
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentProcess
DuplicateHandle
GetSystemInfo
SetHandleInformation
GetCurrentProcessId
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetFilePointerEx
WriteFileEx
SleepEx
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
DeviceIoControl
FindFirstFileW
GetFinalPathNameByHandleW
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
CreateProcessW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
WriteConsoleW

netapi32

NetApiBufferFree
NetApiBufferAllocate
NetServerGetInfo
NetWkstaGetInfo

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

ws2_32

connect
ioctlsocket
getsockopt
shutdown
recv
WSASocketW
send
WSASend
setsockopt
getpeername
WSAGetLastError
socket
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
getsockname
bind
closesocket
WSAIoctl

secur32

DecryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
ApplyControlToken
QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
EncryptMessage

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertDuplicateStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain

bcrypt

BCryptGenRandom

vcruntime140

memcpy
__current_exception
memset
__CxxFrameHandler3
__current_exception_context
memmove
_CxxThrowException
__C_specific_handler
memcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
logf
floorf

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_cexit
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_initialize_onexit_table
__p___argc
__p___argv
_register_onexit_function
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76d54f82b6bc7a6102c359d4bfdb1752

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

kernel32

netapi32

ole32

shell32

ws2_32

secur32

crypt32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 131KB - Virtual size: 131KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 131KB - Virtual size: 131KB

.reloc
Size: 24KB - Virtual size: 23KB