ImBetter[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ImBetter.exe
Size

446KB
MD5

e7b7595c06031d68bcdf6f13cb4632a6
SHA1

f239dad6cf421b8b9475bfa56af2c8a5cea7a066
SHA256

9668d4e072999eb5098e97bac471014f5ac8478774f67cba4e8be95ba84e7576
SHA512

9368e0c6d50fede8d9647ea6ebc2be31966508263910a0d2a12c5c6c36af82a62c9447bf01273eb4aac22831fe831005df3abf46d41a12a3a196b4b9b327ee5a
SSDEEP

6144:9qks939C01cM3LJy0TguFz0qHQW7ZzesGsDtVHOYRn9sOQloh7Q0XRMgD:X01vV7gKz0SQW7hZDmIGZoFQE

Score

1^/10

Malware Config

Signatures

Files

ImBetter.exe
.exe windows x64

2cf43178e4fba2da6d1dff3a1d42168b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetProcAddress
LoadLibraryExW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
GetStartupInfoW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
ReadFile
RaiseException
ReadConsoleW
HeapReAlloc
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateFileW
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineW
GetCommandLineA
CompareStringEx
LCMapStringEx
DecodePointer
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSectionEx
GetFileInformationByHandleEx
AreFileApisANSI
GetProcessHeap
GetPhysicallyInstalledSystemMemory
LocalFree
FormatMessageA
GetLocaleInfoEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile

user32

GetWindowRect
EnumDisplayDevicesW
GetDesktopWindow

advapi32

GetCurrentHwProfileW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

WSAStartup
send
inet_pton
closesocket
WSACleanup
connect
socket
recv
htons

crypt32

CryptUnprotectData

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cf43178e4fba2da6d1dff3a1d42168b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

crypt32

Sections

.text Size: 310KB - Virtual size: 309KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 310KB - Virtual size: 309KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB