System99-Bootstrapper[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

System99-Bootstrapper.exe
Size

855KB
MD5

dc6d365686fdefc10972b32f226f79df
SHA1

dc44f556541b307035b3962ddfc5335e1d21f6cb
SHA256

bc1820b92e6e103feaebc3c31d049f30a73bea472f75fee441823035128227a7
SHA512

d1d9aea41949c0ff1f4290f7c55c7dff4c42cbd19d6f0583ee32cb09b481abf94669391e0185515f27deaa46ebe7c1cbacfca2bebf3f1b0133254f92c40271b9
SSDEEP

12288:xTL/hRu+71W3Bad9PlePNfdPcC/buH5qRQvTAaIUfLrjpeMQOTh:pL/hRu+71WkdRlqpdr/6FMUfLrjsgh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
System99-Bootstrapper.exe

Files

System99-Bootstrapper.exe
.exe windows:6 windows x64 arch:x64

5f003dba24a43dfa62e3324e92cacab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTimeZoneInformation
GetFullPathNameW
FindClose
SetEndOfFile
SetStdHandle
HeapReAlloc
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
CreateProcessA
GetCurrentDirectoryW
GetModuleFileNameA
CompareStringW
GetTimeFormatW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
Sleep
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
CloseHandle
WaitForSingleObjectEx
SleepEx
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetCurrentThreadId
RaiseException
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
GetModuleFileNameW
WriteFile
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
RtlUnwind

ntdll

VerSetConditionMask
RtlPcToFileHeader

ws2_32

inet_pton
ioctlsocket
gethostname
getpeername
recv
connect
select
__WSAFDIsSet
htonl
WSAIoctl
setsockopt
freeaddrinfo
getaddrinfo
listen
getsockname
accept
sendto
recvfrom
bind
socket
htons
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

bcrypt

BCryptGenRandom

advapi32

CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextW
CryptHashData
CryptCreateHash

Sections

.text
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f003dba24a43dfa62e3324e92cacab9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ws2_32

crypt32

bcrypt

advapi32

Sections

.text Size: 638KB - Virtual size: 637KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 31KB - Virtual size: 30KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 638KB - Virtual size: 637KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 31KB - Virtual size: 30KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 4KB