hive | c5ea62ac6d9eaebd534144602a99776d[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

c5ea62ac6d9eaebd534144602a99776d.bin
Size

295KB
MD5

31053367ec06c23cc46b4ab6eddbb71d
SHA1

80169f865215f1d3566b6d96a5f0990a3ce0e1bc
SHA256

39406803ffd44dc2c944fb444644eac0140b12f2fefe572cc14f5f922f660ac5
SHA512

599ae7c08f5878f5c481140d4a71200c447ca22bc2db50e47f97636889451e978659a5e72c2faa1bca80284262f4faed91f77dd5c0a85b35d2643a2d274f74a6
SSDEEP

6144:LYSCZE0vECWRZodfZKDyyO/ygZy+0PSk1kqBNV/gvepKmyA9v/z0lpZWgJn:MTvECe+GG/O+0PB1kuN0QBdL0lXHn

Score

10^/10

hive

Malware Config

Signatures

Detects Rust x64 variant of Hive Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/c9a5db61aa2314d2d71e54a33f36192468b8e1a761e1307f3aa4936fe0ecc502.exe	hive_rust_x64

Hive family
hive

Files

c5ea62ac6d9eaebd534144602a99776d.bin
.zip

Password: infected
c9a5db61aa2314d2d71e54a33f36192468b8e1a761e1307f3aa4936fe0ecc502.exe
.exe windows x64

Password: infected

412bb50a8fc70ed0bd3eb7f322a988dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetNamedSecurityInfoW
SystemFunction036

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CloseHandle
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DeviceIoControl
DuplicateHandle
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
GetEnvironmentVariableW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemInfo
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
SetFileAttributesW
SetFilePointerEx
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WriteConsoleW
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlAddFunctionTable
RtlUnwindEx
RtlVirtualUnwind
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__C_specific_handler

netapi32

NetApiBufferFree
NetServerEnum
NetShareEnum

ntdll

NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

412bb50a8fc70ed0bd3eb7f322a988dc

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

netapi32

ntdll

bcrypt

msvcrt

Sections

.text Size: 501KB - Virtual size: 501KB

.data Size: 512B - Virtual size: 320B

.rdata Size: 53KB - Virtual size: 52KB

.pdata Size: 12KB - Virtual size: 12KB

.xdata Size: 18KB - Virtual size: 17KB

.bss Size: - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 208B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 501KB - Virtual size: 501KB

.data
Size: 512B - Virtual size: 320B

.rdata
Size: 53KB - Virtual size: 52KB

.pdata
Size: 12KB - Virtual size: 12KB

.xdata
Size: 18KB - Virtual size: 17KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 208B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB