General

Malware Config

Signatures

Files

• 67be2a5e7b30a949b42a7306b7c2cd139da4133a2ec0c0afdb59218f4649130a.zip

  .zip

  Password: S1BinaryVault

• C/ProgramData/Sentinel/AFUCache/67be2a5e7b30a949b42a7306b7c2cd139da4133a2ec0c0afdb59218f4649130a

  .dll windows x64

  Password: S1BinaryVault

  bb5490a497d4a5ce59005ca1d1aacc2a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  user32

  wsprintfA

  ws2_32

  getaddrinfo

  closesocket

  shutdown

  send

  setsockopt

  freeaddrinfo

  recv

  WSAIoctl

  select

  connect

  inet_ntoa

  inet_addr

  htons

  ioctlsocket

  WSAStartup

  socket

  advapi32

  GetTokenInformation

  OpenProcessToken

  GetSidSubAuthority

  kernel32

  WriteFile

  SetFilePointer

  CreateFileA

  VirtualFree

  LocalFree

  LocalAlloc

  SystemTimeToFileTime

  SetEvent

  WaitForSingleObject

  ExitThread

  CloseHandle

  CreateThread

  GetTempPathA

  GetVolumeInformationA

  Sleep

  CreateEventA

  GetCurrentProcess

  FileTimeToSystemTime

  GetLocalTime

  VirtualAlloc

  secur32

  GetUserNameExA

  GetUserNameExW

  ole32

  CoCreateInstance

  CoUninitialize

  CoInitialize

  Exports

  Exports

  rundll

  Sections

  .text

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 595B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 512B - Virtual size: 432B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• manifest.json