Cultivation[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Cultivation.exe
Size

34.5MB
MD5

c38d71235fb63489d0a68a5b355239d7
SHA1

8c0a2a779d2fcfbbe493ccc4d13209c530345741
SHA256

9f3858ae9495f244f417745cc165a4176ad5d4c0f16f601ecb2d774ef616a7fe
SHA512

d847677f600cf2839dd2857cd8f83c4afdd7ea32b280ccabad33f252d8081993e861e1cd5afd2bd16f2fbf85107ca3048fb136af020f21a2e5eb4b5b0e5ac109
SSDEEP

196608:GUYvjao2sy9gXmqYBtiC4mkK/bI8luQvl5w+:Y7NllXeBtiC4mkKk8luf+

Score

N/A

Malware Config

Signatures

Files

Cultivation.exe
.exe windows x64

d948aa6549380f1a440562a70b392b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

powrprof

CallNtPowerInformation

shell32

DragQueryFileW
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragFinish
CommandLineToArgvW
ShellExecuteW

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
RtlCaptureContext
RtlLookupFunctionEntry
NtQueryInformationProcess
RtlPcToFileHeader
RtlUnwindEx
NtDeviceIoControlFile
RtlGetNtVersionNumbers
RtlVirtualUnwind
NtQuerySystemInformation
RtlGetVersion

advapi32

EventUnregister
RegGetValueW
EventRegister
EventWriteTransfer
RegSetValueExW
EventSetInformation
RegOpenKeyExW
LookupAccountSidW
LookupPrivilegeValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
SetFileSecurityW
SystemFunction036
RegCloseKey
RegQueryValueExW
GetTokenInformation
OpenProcessToken

kernel32

ReadProcessMemory
GetSystemTimes
GetProcessIoCounters
GlobalMemoryStatusEx
GetExitCodeProcess
CreateDirectoryW
GetProcessAffinityMask
CreateThread
CreateSemaphoreW
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVersionExW
SetThreadExecutionState
LoadLibraryW
GetSystemDirectoryW
GetLogicalDrives
GetVolumeInformationW
CreateFileW
LocalFree
GetProcessTimes
GetSystemInfo
SetThreadPriority
GetCurrentThread
CreateEventW
FoldStringW
GetModuleFileNameW
GetFullPathNameW
DeleteFileW
OpenProcess
GetCurrentDirectoryW
GetSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetProcAddress
HeapFree
GetCurrentProcessId
Sleep
GetModuleHandleA
SetLastError
GetLastError
IsDBCSLeadByte
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
AreFileApisANSI
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesW
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
SetFileAttributesW
ReadFile
LoadLibraryA
QueryPerformanceFrequency
ReleaseSemaphore
CloseHandle
SetConsoleCtrlHandler
CreateSemaphoreA
WaitForSingleObject
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetFileTime
HeapAlloc
DeviceIoControl
MoveFileW
FreeLibrary
FindClose
InitializeSListHead
ReadConsoleW
WriteConsoleW
TlsSetValue
TlsGetValue
CreateProcessW
GetWindowsDirectoryW
ReadFileEx
CreateNamedPipeW
ExitProcess
SetCurrentDirectoryW
CopyFileExW
GetFileInformationByHandleEx
CreateMutexA
WaitForSingleObjectEx
TlsFree
HeapReAlloc
TlsAlloc
WakeConditionVariable
WakeAllConditionVariable
GetProcessId
TerminateProcess
SleepEx
WriteFileEx
SetFilePointerEx
GetCommandLineW
GetTempPathW
SetEnvironmentVariableW
GetEnvironmentStringsW
SwitchToThread
SetThreadStackGuarantee
lstrlenW
AddVectoredExceptionHandler
CompareStringOrdinal
ReleaseMutex
FindFirstFileW
FindNextFileW
GetStdHandle
FreeEnvironmentStringsW
GetFinalPathNameByHandleW
SetFileInformationByHandle
MoveFileExW
GetFileInformationByHandle
SetFileCompletionNotificationModes
GlobalLock
GlobalAlloc
GlobalUnlock
GetModuleHandleW
GetTickCount64
InitOnceExecuteOnce
AcquireSRWLockShared
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
RaiseException
VirtualQuery
LoadLibraryExW
GetEnvironmentVariableW
ReleaseSRWLockShared
InitializeSRWLock
FormatMessageW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetHandleInformation
PostQueuedCompletionStatus
SetHandleInformation
FlushFileBuffers
GetFileType
SleepConditionVariableSRW
DuplicateHandle
CreatePipe
TryAcquireSRWLockExclusive
CreateHardLinkW
RemoveDirectoryW
GetShortPathNameW
GetLongPathNameW
GetConsoleMode
WriteFile
SetFilePointer
SetEndOfFile
GetProcessHeap
EncodePointer
VirtualQueryEx

user32

SetMenuItemInfoW
PostQuitMessage
IsWindowVisible
SetWindowTextW
SetWindowLongW
CharToOemA
GetWindowLongW
EnableMenuItem
DefWindowProcW
GetWindowRect
GetClipCursor
GetClientRect
CheckMenuItem
SetWindowPos
SendMessageW
PostMessageW
OemToCharA
PeekMessageW
GetRawInputData
OemToCharBuffA
GetWindowLongPtrW
GetMessageW
CharUpperW
IsProcessDPIAware
RegisterRawInputDevices
SetWindowLongPtrW
DestroyIcon
AppendMenuW
ShowWindow
ShowCursor
CharLowerW
CreateMenu
AdjustWindowRectEx
CreateIcon
ClipCursor
RegisterClassExW
GetKeyboardLayout
GetWindowPlacement
MapVirtualKeyExW
GetKeyboardState
GetAsyncKeyState
RegisterHotKey
ToUnicodeEx
GetKeyState
VkKeyScanW
SetCapture
GetDC
ChangeDisplaySettingsExW
EnumDisplayMonitors
MonitorFromWindow
MonitorFromPoint
GetMonitorInfoW
ClientToScreen
InvalidateRgn
GetUpdateRect
ValidateRect
RedrawWindow
PostThreadMessageW
SetCursor
EnumChildWindows
DestroyWindow
LoadCursorW
OpenClipboard
CloseClipboard
TrackMouseEvent
GetActiveWindow
ReleaseCapture
CloseTouchInputHandle
RegisterTouchWindow
GetTouchInputInfo
MonitorFromRect
ScreenToClient
IsWindow
GetForegroundWindow
GetSystemMetrics
CreateWindowExW
FlashWindowEx
SetCursorPos
GetCursorPos
EmptyClipboard
SetWindowPlacement
SetForegroundWindow
SystemParametersInfoA
GetClipboardData
SetClipboardData
RegisterWindowMessageA
CreateAcceleratorTableW
DestroyAcceleratorTable
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatA
GetMessageA
DispatchMessageA
MessageBoxW
GetMenu
UnregisterHotKey
MapVirtualKeyW
TranslateMessage
DispatchMessageW
TranslateAcceleratorW
GetAncestor
SetMenu
SendInput
CharToOemBuffW

secur32

DeleteSecurityContext
QueryContextAttributesW
ApplyControlToken
AcquireCredentialsHandleA
FreeCredentialsHandle
InitializeSecurityContextW
LsaGetLogonSessionData
LsaFreeReturnBuffer
FreeContextBuffer
AcceptSecurityContext
DecryptMessage
EncryptMessage
LsaEnumerateLogonSessions

crypt32

CertDuplicateCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain

ws2_32

WSAGetLastError
WSAStartup
getaddrinfo
select
WSAIoctl
closesocket
ioctlsocket
freeaddrinfo
WSACleanup
WSASocketW
bind
connect
listen
accept
getsockname
getpeername
WSADuplicateSocketW
shutdown
recv
send
WSASend
getsockopt
setsockopt
socket

pdh

PdhCloseQuery
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA

ole32

CoInitializeSecurity
RegisterDragDrop
CoSetProxyBlanket
CoInitializeEx
OleInitialize
RevokeDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantClear
SysAllocString
SysStringLen
SetErrorInfo
GetErrorInfo

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetLocalGroups

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

psapi

GetModuleFileNameExW
EnumProcessModulesEx
GetPerformanceInfo

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_exit
terminate
__p___argc
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_errno
__p___argv
_initialize_onexit_table
_cexit
_set_app_type
_c_exit
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_crt_atexit
exit
_register_onexit_function
abort
_wassert

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
calloc
malloc
free
realloc

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
_wcsicmp
wcsncpy
strlen
wcsncmp
wcspbrk
strcat_s

api-ms-win-crt-math-l1-1-0

round
floor
__setusermatherr
pow
trunc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
_set_fmode

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 25.2MB - Virtual size: 25.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d948aa6549380f1a440562a70b392b76

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

shell32

ntdll

advapi32

kernel32

user32

secur32

crypt32

ws2_32

pdh

ole32

oleaut32

netapi32

iphlpapi

gdi32

dwmapi

comctl32

uxtheme

bcrypt

psapi

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 25.2MB - Virtual size: 25.2MB

.rdata Size: 6.8MB - Virtual size: 6.8MB

.data Size: 23KB - Virtual size: 53KB

.pdata Size: 2.1MB - Virtual size: 2.1MB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 271KB - Virtual size: 271KB

.reloc Size: 86KB - Virtual size: 85KB

.text
Size: 25.2MB - Virtual size: 25.2MB

.rdata
Size: 6.8MB - Virtual size: 6.8MB

.data
Size: 23KB - Virtual size: 53KB

.pdata
Size: 2.1MB - Virtual size: 2.1MB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 271KB - Virtual size: 271KB

.reloc
Size: 86KB - Virtual size: 85KB