5ac7f9b789a8f2ad4e3cf11c41aae3bb

Sharing

Copy URL Twitter E-mail

General

Target

5ac7f9b789a8f2ad4e3cf11c41aae3bb
Size

637KB
MD5

5ac7f9b789a8f2ad4e3cf11c41aae3bb
SHA1

9e39fd951bc3a4078fe7bf9310b0a9c3ebbf3897
SHA256

8916ff27d3874484691c856cedfaeccf026d87e87f2f1e5787466dde9939832d
SHA512

c83de91d3ff0441f2becc05825dc6d8d1082e5af1b520d1206d21d02a63aaabad3eaa67b696e00d03ec4f14279f5391ad9a69ddd3b9e1904a20ca8112c9bd198
SSDEEP

12288:CIANH69CZiVa7rPpEl3QnBRuF0hUSIKs5/5NB8DzVKIhiD8NoPQatQMy:C+Ck5J8fiH5NBazMIhiPPQaaMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Osiris.dll
unpack001/injector.exe

Files

5ac7f9b789a8f2ad4e3cf11c41aae3bb
.zip
Osiris.dll
.dll windows:6 windows x86 arch:x86

9ecc50151a79c10d11eab22af5677916

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Random_device@std@@YAIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z

user32

GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ShowWindow
SetWindowLongA
CallWindowProcA
FlashWindowEx
FindWindowW
MessageBoxA
GetAsyncKeyState

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

kernel32

RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
VirtualProtect
GetModuleHandleW
GetProcAddress
VirtualQuery
K32GetModuleInformation
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
AreFileApisANSI
CloseHandle
GetLastError
SetLastError
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls

vcruntime140

memcpy
memchr
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_purecall
__current_exception
__current_exception_context
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list
memmove

api-ms-win-crt-stdio-l1-1-0

fputc
_get_stream_buffer_pointers
_wfopen
fflush
fclose
__stdio_common_vfprintf
fseek
fgetc
ftell
__stdio_common_vsscanf
fwrite
fgetpos
__stdio_common_vsprintf_s
setvbuf
_fseeki64
fread
__stdio_common_vsprintf
ungetc
fsetpos

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

abort
terminate
exit
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strncpy
strcpy_s
isdigit
isblank

api-ms-win-crt-math-l1-1-0

ceil
_fdclass
_CIfmod
__libm_sse2_cosf
remainderf
__libm_sse2_pow
modf
_isnan
__libm_sse2_powf
_finite
__libm_sse2_sinf
_dclass

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-convert-l1-1-0

atof

Sections

.text
Size: 505KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
injector.exe
.exe windows:6 windows x86 arch:x86

c21234a4bc8e1d95db025091b2fd97c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetFullPathNameA
CloseHandle
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleTitleA
GetConsoleWindow
CreateToolhelp32Snapshot
Process32Next
WriteConsoleW
GetLastError
FormatMessageW
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
TryEnterCriticalSection
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
LoadLibraryW
WaitForSingleObject
RaiseException
RtlUnwind
ExitThread
ResumeThread
GetModuleHandleExW
WriteFile
ExitProcess
GetCommandLineA
GetCommandLineW
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
SetConsoleCtrlHandler
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
CreateFileW
RtlCaptureStackBackTrace

Sections

.text
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ecc50151a79c10d11eab22af5677916

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

msvcp140

user32

imm32

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 505KB - Virtual size: 504KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 1024B - Virtual size: 34KB

_RDATA Size: 10KB - Virtual size: 9KB

.reloc Size: 25KB - Virtual size: 25KB

c21234a4bc8e1d95db025091b2fd97c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 610KB - Virtual size: 610KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 505KB - Virtual size: 504KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 1024B - Virtual size: 34KB

_RDATA
Size: 10KB - Virtual size: 9KB

.reloc
Size: 25KB - Virtual size: 25KB

.text
Size: 610KB - Virtual size: 610KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 30KB - Virtual size: 30KB