ReflectiveLoader
Static task
static1
Behavioral task
behavioral1
Sample
Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded.dll
Resource
win10v2004-20230831-en
General
Target: drunkpotato.x64.dll
Size: 14KB
MD5: ea15a39af17620247cceb276a9b6eae4
SHA1: 16ef9552b68bcc45f64ff7c91897c0c2d0b3fc8f
SHA256: b0a82bcf75e9078d42e3e92158b4ea8d0a9d570e9491ab596996818f8fb07786
SHA512: ff7efbf3121770221b41f1df9c21dbab4bd87829a9ebe7f202bfb77f4cc19c7d930ce1c01abd383aa263fc7e0bcc4e29204df14f729639b87ab571015b85f965
SSDEEP: 384:N8iTmzA+gZ2UoYd1y/Ps3WsH8lsq3fwoZI4R/pFGCf56KWiAKq0K0c:N8Jc9Z3oYcs3DqYoZI4R/KC8vKC0c
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/framework/data/exploits/drunkpotato/drunkpotato.x64.dll
Files
drunkpotato.x64.dll.zip
Password: S@ndb0x!2023@@
Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/framework/data/exploits/drunkpotato/drunkpotato.x64.dll.dll windows x64
Password: S@ndb0x!2023@@
37653a84e41f89dc391ccb014e0eccc5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
ExitProcess
CreateThread
WriteProcessMemory
CloseHandle
VirtualAllocEx
GetLastError
TerminateProcess
Sleep
WaitForSingleObject
CreateRemoteThread
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetCurrentProcess
advapi32
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
FreeSid
OpenSCManagerA
AllocateAndInitializeSid
QueryServiceStatus
DuplicateTokenEx
LookupPrivilegeValueW
CreateProcessWithTokenW
OpenServiceA
CreateProcessAsUserW
ole32
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitialize
secur32
AcceptSecurityContext
QuerySecurityContextToken
AcquireCredentialsHandleA
ws2_32
freeaddrinfo
closesocket
listen
bind
shutdown
WSACleanup
recv
send
getaddrinfo
WSAStartup
accept
socket
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
msvcr120
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
memset
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
memcmp
memcpy
__clean_type_info_names_internal
calloc
free
atoi
mbstowcs_s
malloc
strstr
exit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__C_specific_handler
__crt_debugger_hook
Exports
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json