General

Malware Config

Signatures

Files

• Scarabexe.exe

  .exe windows x64

  dfa4b7e43927c69560b31967c9d4722b

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  MultiByteToWideChar

  GetTickCount

  QueryPerformanceFrequency

  QueryPerformanceCounter

  GetModuleHandleW

  FlushInstructionCache

  RtlLookupFunctionEntry

  RtlDeleteFunctionTable

  InterlockedPushEntrySList

  InterlockedFlushSList

  InitializeSListHead

  GetTickCount64

  DuplicateHandle

  QueueUserAPC

  WaitForSingleObjectEx

  SetThreadPriority

  GetThreadPriority

  ResumeThread

  GetCurrentThreadId

  Sleep

  TlsAlloc

  GetCurrentThread

  CreateThread

  WaitForMultipleObjectsEx

  SignalObjectAndWait

  RtlCaptureContext

  SetThreadStackGuarantee

  VirtualQuery

  GetStdHandle

  WideCharToMultiByte

  GetConsoleOutputCP

  MapViewOfFileEx

  UnmapViewOfFile

  GetStringTypeExW

  SetEvent

  GetCurrentProcessorNumber

  GlobalMemoryStatusEx

  CreateIoCompletionPort

  PostQueuedCompletionStatus

  SleepEx

  GetQueuedCompletionStatus

  InterlockedPopEntrySList

  GetCurrentProcessorNumberEx

  ExitProcess

  CreateMemoryResourceNotification

  GetProcessAffinityMask

  SetThreadIdealProcessorEx

  GetThreadIdealProcessorEx

  GetLargePageMinimum

  VirtualUnlock

  GetLogicalProcessorInformation

  SetThreadGroupAffinity

  SetThreadAffinityMask

  IsProcessInJob

  QueryInformationJobObject

  K32GetProcessMemoryInfo

  VirtualAlloc

  VirtualFree

  VirtualProtect

  SwitchToThread

  CloseThreadpoolTimer

  CreateThreadpoolTimer

  SetThreadpoolTimer

  GetFileSize

  GetEnvironmentVariableW

  SetEnvironmentVariableW

  CreateEventW

  ResetEvent

  CreateSemaphoreExW

  ReleaseSemaphore

  CreateMutexW

  ReleaseMutex

  GetThreadContext

  SuspendThread

  SetThreadContext

  GetEnabledXStateFeatures

  InitializeContext

  RtlRestoreContext

  RtlInstallFunctionTableCallback

  GetSystemDefaultLCID

  GetUserDefaultLCID

  RtlUnwind

  LoadLibraryExW

  HeapAlloc

  HeapFree

  GetProcessHeap

  HeapCreate

  HeapDestroy

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  FormatMessageW

  OutputDebugStringA

  GetACP

  LCMapStringEx

  LocalFree

  VerSetConditionMask

  VerifyVersionInfoW

  FindClose

  GetModuleFileNameW

  FindNextFileW

  QueryThreadCycleTime

  VirtualAllocExNuma

  GetNumaProcessorNodeEx

  GetNumaHighestNodeNumber

  GetLogicalProcessorInformationEx

  GetThreadGroupAffinity

  GetSystemTimes

  GetSystemTimeAsFileTime

  CreateFileMappingW

  CreateProcessW

  GetCPInfo

  CreateFileW

  GetFileAttributesExW

  GetTempPathW

  GetCurrentDirectoryW

  FindFirstFileExW

  GetFullPathNameW

  OpenProcess

  LoadLibraryExA

  OpenEventW

  ExitThread

  HeapReAlloc

  CreateNamedPipeA

  WaitForMultipleObjects

  DisconnectNamedPipe

  CreateFileA

  CancelIoEx

  GetOverlappedResult

  ConnectNamedPipe

  FlushFileBuffers

  MapViewOfFile

  GetActiveProcessorGroupCount

  GetSystemTime

  SetConsoleCtrlHandler

  GetLocaleInfoEx

  GetUserDefaultLocaleName

  RtlAddFunctionTable

  CreateDirectoryW

  RemoveDirectoryW

  GetFileSizeEx

  LoadLibraryA

  IsWow64Process

  InitializeCriticalSectionAndSpinCount

  AddVectoredExceptionHandler

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  GetCurrentProcessId

  RaiseFailFastException

  FreeLibrary

  RaiseException

  WaitForSingleObject

  TlsSetValue

  TlsGetValue

  GetSystemInfo

  IsDebuggerPresent

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  WriteFile

  GetProcessTimes

  GetCommandLineW

  ReadFile

  SetFilePointer

  GetProcAddress

  GetModuleHandleExW

  SetErrorMode

  CloseHandle

  GetCurrentProcess

  FlushProcessWriteBuffers

  SetLastError

  GetLastError

  OutputDebugStringW

  SetXStateFeaturesMask

  DebugBreak

  DecodePointer

  GetStringTypeW

  RtlVirtualUnwind

  IsProcessorFeaturePresent

  RtlUnwindEx

  EncodePointer

  TlsFree

  RtlPcToFileHeader

  InitializeConditionVariable

  WakeConditionVariable

  WakeAllConditionVariable

  SleepConditionVariableCS

  SleepConditionVariableSRW

  InitializeSRWLock

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  InitializeCriticalSectionEx

  TryEnterCriticalSection

  GetExitCodeThread

  CreateFileMappingA

  advapi32

  RegGetValueW

  SetKernelObjectSecurity

  GetSidSubAuthorityCount

  GetSidSubAuthority

  GetTokenInformation

  DeregisterEventSource

  ReportEventW

  RegisterEventSourceW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  EventRegister

  AdjustTokenPrivileges

  OpenProcessToken

  LookupPrivilegeValueW

  SetThreadToken

  RevertToSelf

  OpenThreadToken

  EventWriteTransfer

  EventWrite

  ole32

  CoTaskMemAlloc

  CoTaskMemFree

  CoWaitForMultipleHandles

  IIDFromString

  CLSIDFromProgID

  CoGetMarshalSizeMax

  CoMarshalInterface

  CoCreateGuid

  CoGetObjectContext

  CoRegisterInitializeSpy

  CoGetContextToken

  CoGetClassObject

  CoCreateFreeThreadedMarshaler

  CreateStreamOnHGlobal

  StringFromGUID2

  CoInitializeEx

  CoUninitialize

  CoUnmarshalInterface

  CoRevokeInitializeSpy

  CoReleaseMarshalData

  oleaut32

  SafeArrayAllocData

  SafeArrayGetElemsize

  SysStringByteLen

  SysAllocStringByteLen

  SafeArrayCreateVector

  SafeArrayPutElement

  LoadRegTypeLi

  CreateErrorInfo

  SafeArrayAllocDescriptorEx

  VarCyFromDec

  VariantInit

  VariantClear

  SafeArraySetRecordInfo

  VariantChangeType

  SafeArrayGetVartype

  LoadTypeLibEx

  QueryPathOfRegTypeLi

  SafeArrayDestroy

  SafeArrayGetLBound

  SafeArrayGetDim

  SysAllocStringLen

  SysStringLen

  SysAllocString

  SetErrorInfo

  GetErrorInfo

  SysFreeString

  VariantChangeTypeEx

  GetRecordInfoFromTypeInfo

  user32

  MessageBoxW

  LoadStringW

  version

  VerQueryValueW

  GetFileVersionInfoExW

  GetFileVersionInfoSizeExW

  shell32

  ShellExecuteW

  api-ms-win-crt-string-l1-1-0

  strncmp

  wcsncmp

  iswupper

  towlower

  isalpha

  isdigit

  wcstok_s

  strnlen

  iswascii

  towupper

  wcscat_s

  strcspn

  wcscpy_s

  _stricmp

  strlen

  isupper

  strcmp

  _wcsnicmp

  _wcsdup

  wcsncpy_s

  tolower

  islower

  strtok_s

  isspace

  _strdup

  __strncnt

  strncpy_s

  strcpy_s

  wcsncat_s

  strncat_s

  strcat_s

  iswspace

  wcsnlen

  _strnicmp

  _wcsicmp

  api-ms-win-crt-stdio-l1-1-0

  fwrite

  __stdio_common_vswprintf_s

  __p__commode

  _set_fmode

  __stdio_common_vsnprintf_s

  __stdio_common_vfwprintf

  _flushall

  _wfopen

  _wfsopen

  fseek

  __stdio_common_vfprintf

  ftell

  __stdio_common_vsprintf_s

  fputws

  __acrt_iob_func

  fflush

  _fileno

  _dup

  _setmode

  setvbuf

  fputwc

  _get_stream_buffer_pointers

  _fseeki64

  fread

  fsetpos

  ungetc

  fgetpos

  fgetc

  fputc

  __stdio_common_vswprintf

  fclose

  fgets

  __stdio_common_vsscanf

  fopen

  fputs

  __stdio_common_vsnwprintf_s

  _putws

  api-ms-win-crt-runtime-l1-1-0

  terminate

  _errno

  _beginthreadex

  abort

  exit

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  _cexit

  _seh_filter_exe

  _set_app_type

  _invalid_parameter_noinfo_noreturn

  _configure_wide_argv

  _initialize_wide_environment

  _get_initial_wide_environment

  _initterm

  _initterm_e

  _exit

  _controlfp_s

  __p___argc

  __p___wargv

  _c_exit

  _register_thread_local_exe_atexit_callback

  _invalid_parameter_noinfo

  _wcserror

  api-ms-win-crt-convert-l1-1-0

  atol

  _ltow_s

  strtoull

  _atoi64

  strtoul

  wcstoul

  _wtoi

  _wcstoui64

  _itow_s

  api-ms-win-crt-heap-l1-1-0

  calloc

  free

  _set_new_mode

  malloc

  realloc

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-math-l1-1-0

  ceil

  atanf

  atan2f

  atan2

  atan

  asinf

  asin

  acosf

  modff

  cos

  powf

  pow

  floorf

  log2

  atanh

  acosh

  cosf

  cbrt

  asinh

  asinhf

  ilogbf

  atanhf

  cbrtf

  acoshf

  log2f

  fma

  fmaf

  fmod

  cosh

  coshf

  modf

  exp

  expf

  _fdopen

  floor

  _copysign

  _copysignf

  _isnanf

  __setusermatherr

  _isnan

  ceilf

  fmodf

  ilogb

  frexp

  log

  log10

  log10f

  logf

  _finite

  sin

  sinf

  sinh

  sinhf

  sqrt

  sqrtf

  tan

  tanf

  tanh

  acos

  tanhf

  api-ms-win-crt-time-l1-1-0

  _time64

  wcsftime

  _gmtime64_s

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  _lock_locales

  _unlock_locales

  setlocale

  __pctype_func

  ___lc_locale_name_func

  ___lc_codepage_func

  ___mb_cur_max_func

  localeconv

  api-ms-win-crt-filesystem-l1-1-0

  _wrename

  _wremove

  _unlock_file

  _lock_file

  Exports

  Exports

  CLRJitAttachState

  DotNetRuntimeInfo

  MetaDataGetDispenser

  g_CLREngineMetrics

  Sections

  .text

  Size: 6.0MB - Virtual size: 6.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .CLR_UEF

  Size: 512B - Virtual size: 271B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 28KB - Virtual size: 120KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 215KB - Virtual size: 214KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Section

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  _RDATA

  Size: 77KB - Virtual size: 76KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ