Beasty-Aim[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Beasty-Aim.exe
Size

1.2MB
MD5

5b6a271a1c0cf7ab5795538ff36766dc
SHA1

3afdac187ebffc064710a448c263e25e96692c52
SHA256

fee517208937cd79a3193eebb1474e1137834532176ba2b4b04b21d1c9f547d7
SHA512

38b63ae75069fbcdab25dc65a701d06b2e5c19a32336b7e9b74a5e13d8bf6836d84c74704c0d70b9b456716fea34612184e2a23ae7db9ecde2eaecb80bed6d52
SSDEEP

24576:SDq9EqOhU5yrj6+wWSdmc4Dq9EqOhU5yrj6+wWSdmcTSEoaQLFmTXhRJk+SoAYA1:7o3FmXerPDsJInOR

Score

1^/10

Malware Config

Signatures

Files

Beasty-Aim.exe
.exe windows x64

ba8544c5673bf507d26591bbb640f3ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
WideCharToMultiByte
SetConsoleTextAttribute
GetLastError
GetConsoleWindow
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
CloseHandle
SetConsoleTitleA
FlushFileBuffers
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
MultiByteToWideChar
GetModuleFileNameA
VirtualAlloc
GetTickCount
GetCurrentThread
CreateThread
GetCurrentProcessId
Sleep
Beep
CreateFileW
CreateFileA
GetStdHandle
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc

user32

OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetActiveWindow
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
TranslateMessage
GetWindow
GetWindowThreadProcessId
FindWindowA
SetWindowLongA
GetWindowLongA
MessageBoxA
GetWindowRect
GetForegroundWindow
UpdateWindow
GetSystemMetrics
mouse_event
GetAsyncKeyState
SetWindowDisplayAffinity
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
ScreenToClient
DispatchMessageA
PeekMessageA
DefWindowProcA
PostQuitMessage
RegisterClassExA
UnregisterClassA
LoadCursorA

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??Bid@locale@std@@QEAA_KXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
_Xtime_get_ticks
_Thrd_detach
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z

d3d9

Direct3DCreate9Ex

ntdll

VerSetConditionMask
ZwCreateKey
ZwSetValueKey
ZwOpenKey
ZwClose
ZwQueryValueKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

xinput1_4

ord2

normaliz

IdnToAscii

wldap32

ord22
ord60
ord26
ord27
ord33
ord50
ord79
ord30
ord200
ord143
ord301
ord41
ord35
ord32
ord211
ord45
ord46
ord217

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension

ws2_32

listen
__WSAFDIsSet
select
htonl
freeaddrinfo
accept
recvfrom
sendto
gethostname
ntohl
WSACleanup
WSAStartup
WSAIoctl
closesocket
ioctlsocket
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
recv
getsockname
getpeername
connect
bind
WSAGetLastError
send
getaddrinfo

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__std_exception_destroy
_CxxThrowException
memcmp
strchr
strrchr
__std_exception_copy
__current_exception
__current_exception_context
memchr
strstr
__std_terminate
memmove
memset
__C_specific_handler
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
isprint
_strdup
isupper
strspn
strcspn
wcscpy_s
strpbrk
tolower
strncmp

api-ms-win-crt-stdio-l1-1-0

fputc
fgetpos
_wfopen
_get_stream_buffer_pointers
fflush
fsetpos
fgetc
__acrt_iob_func
_fseeki64
setvbuf
_open
_close
_write
_read
ungetc
__p__commode
_set_fmode
fread
__stdio_common_vsprintf_s
_lseeki64
__stdio_common_vsnprintf_s
feof
fputs
fopen
_popen
_pclose
fgets
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
ftell
fseek
fclose

api-ms-win-crt-heap-l1-1-0

realloc
free
_set_new_mode
_callnewh
calloc
malloc

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

_dclass
floorf
ceilf
sqrt
powf
tanf
pow
asin
atan2f
fmodf
atan
cosf
sqrtf
sinf
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_set_app_type
_seh_filter_exe
_cexit
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_invalid_parameter_noinfo_noreturn
_crt_atexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_resetstkoflw
_invalid_parameter_noinfo
__sys_nerr
exit
_get_initial_narrow_environment
system
strerror
_getpid
_beginthreadex
__p___argc
_register_onexit_function
_exit

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
atof
strtoul
strtod
atoi
strtol

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_stat64
remove
_unlink
_access
_fstat64

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

advapi32

CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
OpenProcessToken
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce

Sections

.text
Size: 896KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba8544c5673bf507d26591bbb640f3ef

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

imm32

msvcp140

d3d9

ntdll

xinput1_4

normaliz

wldap32

crypt32

ws2_32

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Sections

.text Size: 896KB - Virtual size: 896KB

.rdata Size: 269KB - Virtual size: 268KB

.data Size: 10KB - Virtual size: 15KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 896KB - Virtual size: 896KB

.rdata
Size: 269KB - Virtual size: 268KB

.data
Size: 10KB - Virtual size: 15KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 2KB