Bothax[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Bothax.rar
Size

1.9MB
MD5

3fbd5679b8a1e7a6c544d973b54ab5aa
SHA1

9b9fcec4f62f633732190e402ca2f583fc8fc46b
SHA256

1b62c553fde37ae2f8f5789b251c05bf038e103ae2156c7225d086cc6d07dca0
SHA512

076c3ae1cdfcfffa17853d574152af5782d3b7ef44d2d21a3ed91fbb4ee9db55a594926dcbd68b86f2d57601741e12d1ed26b0a5f109b7198ca56bf766c0794e
SSDEEP

49152:8YRWsNhSRQVKyEAG+GliEhLdGHFDCD2zvJpCUWGWuQ6v:hYBRQrOhxGSgvfmG/Qq

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bothax/BINTERNAL R v3.0.dll
unpack001/Bothax/BINTERNAL_loader__multibox.exe

Files

Bothax.rar
.rar
Bothax/BINTERNAL R v3.0.dll
.dll windows:6 windows x64 arch:x64

f3545039e69b066b86da7fbc5fa7db73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

CallWindowProcA
DefWindowProcA
CreateWindowExA
UnregisterClassA
SetWindowLongPtrA
RegisterClassExA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
MessageBoxA
GetAsyncKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
DestroyWindow

kernel32

GetEnvironmentVariableW
SwitchToFiber
DeleteFiber
VirtualProtect
CreateFiber
GetStdHandle
SetConsoleMode
ReadConsoleA
AttachConsole
FreeConsole
SetStdHandle
GetCurrentProcessId
AllocConsole
FreeLibraryAndExitThread
Sleep
DisableThreadLibraryCalls
CloseHandle
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryExA
GetLastError
FormatMessageA
GetModuleHandleW
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
GetTickCount
GlobalMemoryStatus
SetConsoleTitleA
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
CreatePipe
GetExitCodeProcess
WaitForSingleObject
SetConsoleCtrlHandler
DeleteFileW
FlushFileBuffers
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
ExitProcess
CreateProcessW
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
DuplicateHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetTickCount64
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
WaitForSingleObjectEx
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetTempPathW
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
RtlUnwind
LoadLibraryW

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext

ws2_32

getnameinfo
shutdown
gethostname
ioctlsocket
sendto
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom

wldap32

ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord46
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

advapi32

CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
DeregisterEventSource
CryptDestroyHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptSignHashW
CryptGenRandom
CryptEnumProvidersW

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bothax/BINTERNAL_loader__multibox.exe
.exe windows:6 windows x64 arch:x64

bcc23d7dfd3d552b10e08f0be157462b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
K32EnumProcessModules
K32GetModuleFileNameExA
CreateMutexA
Sleep
OpenMutexA
SetConsoleTitleA
WaitForSingleObject
TerminateProcess
CreateRemoteThread
GetProcAddress
ResumeThread
CreateProcessA
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
ReadConsoleW
ReadFile
HeapSize
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
OpenProcess
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
SuspendThread
CloseHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapFree
HeapAlloc
HeapReAlloc
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
MultiByteToWideChar
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
OutputDebugStringW
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
WriteConsoleW

user32

GetWindowTextA
IsWindowVisible
SetWindowTextA
EnumWindows
GetWindowThreadProcessId

comdlg32

GetOpenFileNameA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

Sections

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bothax/key.txt

Sharing

General

Malware Config

Signatures

Files

f3545039e69b066b86da7fbc5fa7db73

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

imm32

ws2_32

wldap32

advapi32

crypt32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 784KB - Virtual size: 783KB

.data Size: 87KB - Virtual size: 119KB

.pdata Size: 135KB - Virtual size: 135KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 27KB - Virtual size: 27KB

bcc23d7dfd3d552b10e08f0be157462b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

Sections

.text Size: 681KB - Virtual size: 681KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 6KB - Virtual size: 13KB

.pdata Size: 27KB - Virtual size: 26KB

.idata Size: 6KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 784KB - Virtual size: 783KB

.data
Size: 87KB - Virtual size: 119KB

.pdata
Size: 135KB - Virtual size: 135KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 27KB - Virtual size: 27KB

.text
Size: 681KB - Virtual size: 681KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 27KB - Virtual size: 26KB

.idata
Size: 6KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB