hive | c9a5db61aa2314d2d71e54a33f36192468b8e1a761e1307f3aa4936fe0ecc502[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c9a5db61aa2314d2d71e54a33f36192468b8e1a761e1307f3aa4936fe0ecc502.exe
Size

595KB
MD5

c5ea62ac6d9eaebd534144602a99776d
SHA1

727d68062ff63d08a3e0204af3c8791d9092dc82
SHA256

c9a5db61aa2314d2d71e54a33f36192468b8e1a761e1307f3aa4936fe0ecc502
SHA512

e9362623163c3deb229f8687bc966f5ac76ea6e1fee6e3899f4b0c29f1400301dbafca1e58a0aa1afc903726f78830ab7523f9e9f69bc120c882b2e1bb6be8c8
SSDEEP

12288:yT5eQYNFUJiSBtnEmcrUwsK4fnWNxH3IotOfj1OzkB3l2:80NFUYItn4sK4fnwV3Io0k

Score

10^/10

hive

Malware Config

Signatures

Detects Rust x64 variant of Hive Ransomware 1 IoCs

Processes:

resource yara_rule

sample hive_rust_x64
Hive family
hive

resource	yara_rule
sample	hive_rust_x64

Files

c9a5db61aa2314d2d71e54a33f36192468b8e1a761e1307f3aa4936fe0ecc502.exe
.exe windows x64

412bb50a8fc70ed0bd3eb7f322a988dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetNamedSecurityInfoW
SystemFunction036

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CloseHandle
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DeviceIoControl
DuplicateHandle
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
GetEnvironmentVariableW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemInfo
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
SetFileAttributesW
SetFilePointerEx
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WriteConsoleW
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlAddFunctionTable
RtlUnwindEx
RtlVirtualUnwind
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__C_specific_handler

netapi32

NetApiBufferFree
NetServerEnum
NetShareEnum

ntdll

NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

412bb50a8fc70ed0bd3eb7f322a988dc

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

netapi32

ntdll

bcrypt

msvcrt

Sections

.text Size: 501KB - Virtual size: 501KB

.data Size: 512B - Virtual size: 320B

.rdata Size: 53KB - Virtual size: 52KB

.pdata Size: 12KB - Virtual size: 12KB

.xdata Size: 18KB - Virtual size: 17KB

.bss Size: - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 208B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 501KB - Virtual size: 501KB

.data
Size: 512B - Virtual size: 320B

.rdata
Size: 53KB - Virtual size: 52KB

.pdata
Size: 12KB - Virtual size: 12KB

.xdata
Size: 18KB - Virtual size: 17KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 208B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB