doubleback | cl[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

cl.dll
Size

44KB
MD5

1d069a0f0d32a98624597c8d2ddfcbff
SHA1

8cd716227cd505e857c3c42c136f527de5a9f9ff
SHA256

d7dbf2031815f4634fde38b0bd6250b54aac2ee2c980824c4877814892b13ed0
SHA512

6ed60da206b35b3ff796cccb13e8ab54ea2f4db0095844a089227ad9803bac9777a791855a1854cea3daadfe8a7eaf69839025946a4707aacfce23ff32c950eb
SSDEEP

768:hO4apg9TJD/UFPvh45g1WmxValWf5uJMj9TX8xVd76o1x6:hHT+4mjw42dZx

Score

10^/10

doubleback

Malware Config

Signatures

DoubleBack x64 payload 1 IoCs

Processes:

resource	yara_rule
sample	family_doubleback_x64

Doubleback family
doubleback

Files

cl.dll
.dll windows x64

64fb42731fb3b42c8520455306b157a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
Process32Next
UnmapViewOfFile
DeleteFileW
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
GetProcAddress
Process32NextW
Process32FirstW
WideCharToMultiByte
GetSystemTime
GlobalSize
GlobalUnlock
lstrcmpW
CreatePipe
RtlAddFunctionTable
RtlDeleteFunctionTable
GetLastError
GetComputerNameW
GetVolumeInformationW
CreateMutexW
OpenMutexW
SetHandleInformation
GetComputerNameA
ProcessIdToSessionId
GetModuleHandleA
WaitForSingleObject
CreateProcessW
Sleep
QueryFullProcessImageNameA
lstrcpyW
GetModuleHandleW
lstrlenW
VirtualFree
MultiByteToWideChar
RtlZeroMemory
GetFileSize
ReadFile
GetCurrentProcessId
CloseHandle
CreateFileW
OutputDebugStringA
WriteFile
lstrcpyA
lstrlenA
VirtualAlloc
GlobalLock

user32

OemToCharBuffA
ReleaseDC
EnumWindows
SendMessageA
GetDC
GetWindowThreadProcessId
GetSystemMetrics
wsprintfW

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegDeleteTreeW
RegDeleteValueW
RegEnumValueW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegSetValueExA
RegDeleteValueA
GetTokenInformation
RegEnumKeyExA
LookupAccountSidW
RegOpenKeyExA
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

StringFromGUID2
CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoInitialize

ntdll

NtGetContextThread
NtTerminateThread
NtAllocateVirtualMemory
NtSetContextThread
NtWriteVirtualMemory
NtResumeThread
RtlImageDirectoryEntryToData
ZwReadFile
NtTerminateProcess
NtClose
RtlCreateUserThread
NtMapViewOfSection
NtReadVirtualMemory
NtCreateSection
NtQueryVirtualMemory
LdrLoadDll
LdrGetDllHandle
LdrGetProcedureAddress
NtFreeVirtualMemory

wininet

InternetCloseHandle
HttpOpenRequestA
InternetCrackUrlA
InternetSetOptionA
HttpAddRequestHeadersA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetOpenA
HttpQueryInfoA

urlmon

ObtainUserAgentString

gdiplus

GdiplusStartup
GdipDisposeImage
GdipGetImageEncodersSize
GdiplusShutdown
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64fb42731fb3b42c8520455306b157a2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

wininet

urlmon

gdiplus

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: - Virtual size: 176B

.pdata Size: 1024B - Virtual size: 792B

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: - Virtual size: 176B

.pdata
Size: 1024B - Virtual size: 792B