General

Malware Config

Signatures

Files

• 5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0.zip

  .zip

  Password: S1BinaryVault

• C/ProgramData/Sentinel/AFUCache/5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0

  .exe windows x86

  Password: S1BinaryVault

  2c2a74fe0776f6aac245ba9e8eeec7c6

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateFileA

  ReadFile

  LocalFree

  SetFilePointer

  LocalAlloc

  GlobalDeleteAtom

  Sleep

  GlobalAddAtomA

  GlobalFree

  GlobalAlloc

  IsDBCSLeadByte

  GlobalLock

  GlobalFindAtomA

  CompareStringA

  WideCharToMultiByte

  WriteFile

  CloseHandle

  GetWindowsDirectoryA

  OpenProcess

  GetVersion

  FreeLibrary

  RemoveDirectoryA

  GetLastError

  DeleteFileA

  FindFirstFileA

  FindClose

  lstrlenA

  lstrcpyA

  lstrcatA

  lstrcmpA

  lstrcpynA

  MultiByteToWideChar

  CreateProcessA

  WaitForSingleObject

  SetErrorMode

  GetCurrentDirectoryA

  OutputDebugStringA

  LoadLibraryA

  GetProcAddress

  GetFileAttributesA

  GlobalUnlock

  VirtualAlloc

  IsBadWritePtr

  IsBadReadPtr

  SetUnhandledExceptionFilter

  VirtualFree

  HeapCreate

  HeapDestroy

  GetFileType

  GetStdHandle

  SetHandleCount

  GetEnvironmentStringsW

  GetEnvironmentStrings

  IsBadCodePtr

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  lstrcmpiA

  GetModuleFileNameA

  UnhandledExceptionFilter

  GetOEMCP

  GetACP

  GetCPInfo

  HeapAlloc

  HeapFree

  GetCommandLineA

  GetStartupInfoA

  GetModuleHandleA

  GetCurrentProcess

  TerminateProcess

  ExitProcess

  SetCurrentDirectoryA

  SetEnvironmentVariableA

  RtlUnwind

  LCMapStringA

  LCMapStringW

  GetStringTypeA

  GetStringTypeW

  user32

  PackDDElParam

  SendMessageA

  DispatchMessageA

  DefWindowProcA

  CharNextA

  DestroyWindow

  UnregisterClassA

  CreateWindowExA

  RegisterClassA

  wsprintfA

  UnpackDDElParam

  LoadStringA

  LoadIconA

  LoadCursorA

  MessageBoxA

  wvsprintfA

  TranslateMessage

  GetMessageA

  SetCursor

  ShowCursor

  SetDlgItemTextA

  SetWindowLongA

  EndDialog

  GetDlgItem

  SetFocus

  DialogBoxParamA

  UpdateWindow

  SetWindowTextA

  InvalidateRect

  CharUpperA

  CharPrevA

  BeginPaint

  GetClientRect

  DrawTextA

  SetRect

  EndPaint

  PostQuitMessage

  GetSystemMenu

  EnableMenuItem

  CreateDialogParamA

  GetWindowRect

  GetSystemMetrics

  SetWindowPos

  ShowWindow

  PostMessageA

  PeekMessageA

  FillRect

  SetClassLongA

  gdi32

  CreateSolidBrush

  SetROP2

  Rectangle

  SelectObject

  SetTextColor

  SetBkMode

  GetStockObject

  GetTextMetricsA

  ExtTextOutA

  CreateFontIndirectA

  DeleteObject

  advapi32

  RegOpenKeyA

  RegEnumValueA

  RegEnumKeyA

  RegDeleteKeyA

  RegCloseKey

  RegDeleteValueA

  RegQueryValueExA

  RegSetValueExA

  RegCreateKeyA

  shell32

  SHGetMalloc

  SHGetSpecialFolderLocation

  SHGetPathFromIDListA

  ole32

  OleInitialize

  OleUninitialize

  oleaut32

  LoadTypeLi

  Sections

  .text

  Size: 42KB - Virtual size: 42KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 11KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .text

  Size: 222KB - Virtual size: 224KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• manifest.json