TurtleSUSP-bcafd2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TurtleSUSP-bcafd2.exe
Size

950KB
MD5

74579de1fbfc2dd199294c428fb58560
SHA1

bcafd25a22f4d151cc32fa80cda23c546456b86e
SHA256

275ac0aa8d52235f9aedb885467198c1339d82a652d8a21b26d48a0c4682e966
SHA512

5097e348a79bff2b81fd951c365503d37adbf46a2bed7f2b815d16108e1c64445045cd9b2b13d29bce6cba5efeb5c15ed25de33cb274c558a9c0289a608917db
SSDEEP

12288:X8laspFsXXsY4UdutoYCfKGuzowqxM88VmZT2H:XopFsXXsY7dH9uzozh2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TurtleSUSP-bcafd2.exe

Files

TurtleSUSP-bcafd2.exe
.exe windows:4 windows x64 arch:x64

7609a40568145c3ea2cc1f5780eb2bee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateProcessA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetExitCodeProcess
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
RaiseException
ReleaseSemaphore
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_filelengthi64
_fileno
_fmode
_fstat64
_initterm
_lock
_lseeki64
_onexit
_strnicmp
_unlock
_vscprintf
_vsnprintf
_wfopen
_wfopen_s
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getwc
isspace
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
signal
strcmp
strcoll
strcpy_s
strerror
strftime
strlen
strncmp
strxfrm
swprintf_s
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat_s
wcscoll
wcsftime
wcslen
wcsxfrm
_write
_read
_fileno
_fdopen
_close

user32

MessageBoxW

Sections

.text
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7609a40568145c3ea2cc1f5780eb2bee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 752KB - Virtual size: 751KB

.data Size: 12KB - Virtual size: 12KB

.rdata Size: 68KB - Virtual size: 67KB

.pdata Size: 44KB - Virtual size: 43KB

.xdata Size: 61KB - Virtual size: 61KB

.bss Size: - Virtual size: 51KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 752KB - Virtual size: 751KB

.data
Size: 12KB - Virtual size: 12KB

.rdata
Size: 68KB - Virtual size: 67KB

.pdata
Size: 44KB - Virtual size: 43KB

.xdata
Size: 61KB - Virtual size: 61KB

.bss
Size: - Virtual size: 51KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB