boot500[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

boot500.exe
Size

639KB
MD5

d353c0efb7bb57ce64aca275a50aa01a
SHA1

ed54620d9659447c4f8e32bab1c1e8e03ba63805
SHA256

3eafe152158e4b80d4fdfa8d8e41ea16f9ab9398377b2d60df3e28495a58d374
SHA512

60246fed9f8cd041c1f8a7e28afe948b8cc6471d7a8ba8ab18d483aacead3acec6330637159039f5c09cecde6001e93cb015f545eedaf2e05cba9fd746a5414b
SSDEEP

12288:695pOLYz7lMTTiQgAxox+LGCZeHmgpqIMKs47eHsTqV9BOkD:6BOAyTT4UBjgpqIiKeHsuV9B3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
boot500.exe

Files

boot500.exe
.exe windows x86

67565c1c330845ef8d6996fcd11571bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_purecall
memset
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
rand
strchr
srand
time
memcmp
memcpy
strcmp
strncmp
atol
strcat
_chdir
_getcwd
calloc
free
_strcmpi
strlen
_exit
_XcptFilter
exit
_acmdln_dll
_initterm
__GetMainArgs
_commode_dll
_fmode_dll
_global_unwind2
_local_unwind2
strstr
_getdrive
_chdrive
_mkdir

mpr

WNetConnectionDialog
WNetGetUserA

kernel32

SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CloseHandle
OpenFile
CreateFileA
SetFilePointer
ReadFile
IsDBCSLeadByte
WriteFile
WideCharToMultiByte
lstrcmpiA
GetVersion
FormatMessageA
SetErrorMode
DeviceIoControl
GetLastError
GetDiskFreeSpaceA
FreeLibrary
_lread
_llseek
GetTickCount
_lopen
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
lstrcpynA
DeleteFileA
_lwrite
lstrcatA
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetTempPathA
GetStartupInfoA
lstrlenA
lstrcpyA
GlobalLock
_lclose
GlobalAlloc
GlobalHandle
GlobalReAlloc
GlobalUnlock
FindNextFileA
GlobalFree
FindFirstFileA
GetDriveTypeA
FindClose
GetLogicalDrives
GetProcAddress
GetVolumeInformationA
LoadLibraryA
GetFileTime
FreeResource

user32

EnableMenuItem
GetSystemMenu
SetWindowPos
GetSystemMetrics
SetWindowLongA
LoadCursorA
IsIconic
GetParent
SetFocus
MessageBeep
DestroyWindow
OemToCharA
CharNextA
CharToOemA
DrawFocusRect
SetCursor
MessageBoxA
GetDesktopWindow
GetWindowRect
LoadStringA
CreateDialogParamA
DrawTextA
GetClientRect
GetWindowLongA
EndPaint
BeginPaint
DefWindowProcA
RegisterClassA
DispatchMessageA
CharPrevA
CharUpperA
TranslateMessage
SetWindowTextA
CreateIconIndirect
GetIconInfo
KillTimer
SetTimer
CreateWindowExA
LoadBitmapA
CheckDlgButton
PostMessageA
GetDlgItemInt
IsDlgButtonChecked
SetDlgItemInt
InvalidateRect
GetScrollRange
CharLowerA
DialogBoxParamA
GetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
wsprintfA
ShowWindow
EnableWindow
EndDialog
GetDlgItemTextA
GetDlgItem
SendMessageA
GetDC
SetRect
GetSysColor
IsDialogMessageA
PeekMessageA
FillRect
ReleaseDC
DestroyIcon

gdi32

DeleteDC
CreateSolidBrush
SelectObject
DeleteObject
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
ExtTextOutA
SetTextColor
GetTextMetricsA
GetBkColor
BitBlt
GetStockObject
SetBkMode
SetBkColor

comdlg32

GetSaveFileNameA

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67565c1c330845ef8d6996fcd11571bc

Headers

File Characteristics

Imports

crtdll

mpr

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 4KB - Virtual size: 4KB