darkvnc | f3ccf5ab10c55af91804220c822086180e9b950709f92cfa4c2c33667a4b54f8

General

Target

f3ccf5ab10c55af91804220c822086180e9b950709f92cfa4c2c33667a4b54f8
Size

534KB
MD5

0d6e174966870dedb0843ab37b491c21
SHA1

94d0ea8fcb539e9e26053d4e3b8c24f31cfdf7e8
SHA256

f3ccf5ab10c55af91804220c822086180e9b950709f92cfa4c2c33667a4b54f8
SHA512

90e53382001181b336210fb6527a7b4c84e24db1a0ff3a718b36cc7e533f1e1270b3eaf7df47251bde3f888a839b26d41c1c6caad8eaf7260d4b685492632993
SSDEEP

12288:h201Bz+u8hEWcitltfuzUoBP78fCSxGGS1c9wIl1JS0:h201Mbtcw2gYP7exFSLInL

Score

10^/10

rat darkvnc

Malware Config

Signatures

DarkVNC payload 1 IoCs
rat

Processes:

resource yara_rule

sample darkvnc
Darkvnc family
darkvnc

resource	yara_rule
sample	darkvnc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f3ccf5ab10c55af91804220c822086180e9b950709f92cfa4c2c33667a4b54f8

Files

f3ccf5ab10c55af91804220c822086180e9b950709f92cfa4c2c33667a4b54f8
.dll windows:5 windows x86

4577f94feb63e6eaf3920512713e97b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtResumeProcess
NtSuspendProcess
RtlUnwind
NtGetContextThread
ZwQueryInformationProcess
RtlNtStatusToDosError
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
NtQueryVirtualMemory
NtSetContextThread
NtCreateSection
memcpy
memset

shlwapi

StrChrA
StrRChrA
PathCombineW

psapi

GetModuleFileNameExA
EnumProcessModules

kernel32

ReadProcessMemory
GetFileSize
WaitForSingleObject
LoadLibraryA
FreeLibrary
lstrcmpA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualProtect
CreateFileA
GetModuleFileNameA
lstrlenA
lstrcatA
lstrcpyA
lstrcmpiA
SetFilePointer
CreateRemoteThread
GetCurrentProcess
VirtualAllocEx
LocalAlloc
LocalReAlloc
LocalFree
CloseHandle
CreateEventA
OpenEventA
GetModuleHandleA
CreateProcessW
GetComputerNameW
VirtualProtectEx
OpenProcess
GetCurrentProcessId
SwitchToThread
GetLastError
VirtualFree
WriteProcessMemory
GetThreadContext
SuspendThread
ResumeThread
Sleep
GetModuleHandleW
GetVersion
GetProcAddress
VirtualAlloc
ReadFile

user32

wsprintfA

shell32

ShellExecuteA
SHGetFolderPathW

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 506KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4577f94feb63e6eaf3920512713e97b2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

psapi

kernel32

user32

shell32

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 506KB - Virtual size: 506KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 506KB - Virtual size: 506KB

.reloc
Size: 1KB - Virtual size: 1KB