Doublepulsar-1[.]3[.]1[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Doublepulsar-1.3.1.exe
Size

44KB
MD5

c24315b0585b852110977dacafe6c8c1
SHA1

be855cd1bfc1e1446a3390c693f29e2a3007c04e
SHA256

15ffbb8d382cd2ff7b0bd4c87a7c0bffd1541c2fe86865af445123bc0b770d13
SHA512

81032d741767e868ec9d01e827b1c974b7c040ff832907d0a2c4bdc08301189b1de3338225587eddf81a829103392f454ba9d9685330b5f6706ea2977a6418e2
SSDEEP

768:Zfsz7cLr4VwePeXUTQq+BNV1WzV64aHo2Ej4rrIrL/SBfjyC:ZyJwFmB+jVTEkrmL/eT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Doublepulsar-1.3.1.exe

Files

Doublepulsar-1.3.1.exe
.exe windows x86

2ef98d303937b8d317d5ce3aea3e144e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetTickCount
GetLastError

trfo-2

TfReadFileIntoBuffer
TfFree
TfWriteBufferIntoFile
TfStrICmp

trch-1

Parameter_U32_getValue
Parameter_LocalFile_getValue
Parameter_Port_getValue
Parameter_IPv4_getValue
Params_findParameter
Parameter_S16_getValue
Params_findParamchoice
Paramchoice_getValue
Parameter_String_getValue

tucl-1

TcLog

ws2_32

inet_addr
inet_ntoa
htons

coli-0

mainWrapper
coli_setProcess
coli_setID
coli_setCleanup
coli_delete
coli_create
coli_setValidate

tibe-2

TbPutAlign
TbPutLong
TbPutBuff
TbWinsockStartup
TbFreeStructBuffers
TbFinishSocket
TbCleanSB
TbDoSmbPacket
TbMakeSmbHeader
TbPutTransact
TbPutShort
TbPutByte
TbSetRemoteSocketData
TbMakeSocket
TbSetAuthenticationData
TbDoSmbStartup
TbInitStruct

cnli-1

CNEString_strstr
CNEString_vsnprintf
byteSwapShort
CNEMem_cleanNClearNDestroyPointer
CNESocket_close
CNEMem_cleanNClear
CNESocket_send
CNESocket_recv
CNESocket_getOSError
CNESocket_create
byteSwapLong
CNE_allocateCleanMemoryFunc
CNEString_strlen
CNESystemWin_sleep
CNESocket_connect

xdvl-0

XDevLib_generateRandomSequence
XDevLib_xorMask

ssleay32

ord96
ord172
ord12
ord21
ord75
ord87
ord43
ord48
ord8
ord108
ord78
ord58
ord183

msvcrt

_controlfp
?terminate@@YAXXZ
_unlink
memset
memcpy
srand
memmove
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ef98d303937b8d317d5ce3aea3e144e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

trfo-2

trch-1

tucl-1

ws2_32

coli-0

tibe-2

cnli-1

xdvl-0

ssleay32

msvcrt

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 19KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 2KB