Sherwood Elusive Bot[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Sherwood Elusive Bot.exe
Size

4.8MB
MD5

f487e234ca0f9149c6096163166f5f25
SHA1

e087f5d42039f45d9051e726fb39e1c3312211a7
SHA256

c8dfd0838a63411e1f05dc9e9f61af9d48cf15ca8e009ee3e6225f4d182e5438
SHA512

0e0d0edad5546532ff76a3c42e0cb6e767f042e932a43e8c5def35103b7c8880281d15e67071638b2abbeff59e44633d018cfb2af70b5b2168022dd3ad1f9aae
SSDEEP

49152:6oUToNxt42jtCm76SIAOMD0SQ4hMogfJesa6vTfDc:7r6SfIKgfPRDc

Score

1^/10

Malware Config

Signatures

Files

Sherwood Elusive Bot.exe
.exe windows x64

5bcae48c076ea50c8166209fb87ef209

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAEnumNetworkEvents
WSAEventSelect
recvfrom
WSACloseEvent
gethostname
ntohl
closesocket
freeaddrinfo
getaddrinfo
ioctlsocket
listen
htonl
accept
WSAGetLastError
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
setsockopt
ntohs
WSACreateEvent
getsockopt
getsockname
getpeername
bind
WSAStartup
inet_addr
send
socket
connect
recv
htons
sendto

normaliz

IdnToAscii

wldap32

ord79
ord30
ord200
ord301
ord22
ord35
ord33
ord45
ord60
ord211
ord46
ord32
ord217
ord143
ord27
ord41
ord26
ord50

crypt32

CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

GetSecurityInfo
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeW
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetFileInformationByHandle
RaiseException
SetConsoleOutputCP
SetConsoleTextAttribute
GetStdHandle
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleHandleW
SetConsoleCtrlHandler
SetConsoleTitleW
LockResource
LoadResource
FindResourceW
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
SetLastError
MoveFileExA
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
GetFileSizeEx
FindFirstFileW
FindNextFileW
FindClose
RtlUnwind
DecodePointer
MoveFileExW
SetFileAttributesW
GetFileTime
SetFilePointerEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetExitCodeThread
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shell32

SHGetFolderPathW

bcrypt

BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptEncrypt
BCryptDestroyHash
BCryptDeriveKeyPBKDF2
BCryptGenRandom

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bcae48c076ea50c8166209fb87ef209

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

normaliz

wldap32

crypt32

advapi32

kernel32

ole32

shell32

bcrypt

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 405KB - Virtual size: 404KB

.data Size: 35KB - Virtual size: 69KB

.pdata Size: 81KB - Virtual size: 80KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 405KB - Virtual size: 404KB

.data
Size: 35KB - Virtual size: 69KB

.pdata
Size: 81KB - Virtual size: 80KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 11KB - Virtual size: 11KB