bootsect[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bootsect.exe
Size

105KB
MD5

68c39a577225aeb6b28ea3558e683c19
SHA1

0504785549d7a3ac936c425b14253f779e580bc3
SHA256

6a4e0396657ace212c955b4c95ddc357be66c2c9968dcd7a909bf4cc32f59841
SHA512

fdb7398aff07be9630be5f8d6e8f415c22fc363fae9f6df816a72c6fbef7b93fe3def26a2f7dbe755a5035fb8efa912022eb80a514f8f04a0a9b25c90e8b557a
SSDEEP

1536:0jzmAqtyFjEIPOhHK6iSlrKcBx5kIc3JGP1nXzMR:kqAqtyFjEkAqclrJdF6UdXgR

Score

1^/10

Malware Config

Signatures

Files

bootsect.exe
.exe windows:10 windows x64 arch:x64

197b5f5cf02964bf07b3a72286de3102

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59
Signer

Actual PE Digest

8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

?terminate@@YAXXZ
_amsg_exit
_XcptFilter
__setusermatherr
__getmainargs
iswxdigit
_vsnwprintf
_wcsnicmp
memcpy
_stricmp
swprintf_s
__set_app_type
isalpha
exit
_exit
_cexit
__C_specific_handler
_fmode
_initterm
wcsncmp
_snwscanf_s
_wcslwr
wcsstr
wcsnlen
memset
wcscpy_s
_commode
_wcsicmp

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
SetFilePointer
CreateFileW
GetFileType
ReadFile
WriteFile

api-ms-win-core-libraryloader-l1-1-0

FindResourceExW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
LoadResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtWaitForSingleObject
RtlFreeHeap
NtQueryDirectoryObject
NtCreateEvent
NtOpenDirectoryObject
NtDeviceIoControlFile
NtQuerySymbolicLinkObject
RtlAllocateHeap
NtOpenSymbolicLinkObject
NtResetEvent
NtOpenFile
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtOpenKey
RtlVirtualUnwind
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtEnumerateBootEntries
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
NtFsControlFile
NtClose
RtlInitUnicodeString
NtQuerySystemInformation

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleOutputCP
GetConsoleMode

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SearchPathW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-localization-obsolete-l1-1-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LCIDToLocaleName

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

197b5f5cf02964bf07b3a72286de3102

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

ntdll

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-handle-l1-1-0

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 192B

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59
Signer

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 192B