Static task
static1
Behavioral task
behavioral1
Sample
2024-01-24_f83adf211706cae899e63e8780221b29_darkside.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-24_f83adf211706cae899e63e8780221b29_darkside.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-24_f83adf211706cae899e63e8780221b29_darkside
-
Size
861KB
-
MD5
f83adf211706cae899e63e8780221b29
-
SHA1
04277a23667c96f9778e46af8a29a19c6a0addbd
-
SHA256
e588357fa1f3550a71f887b668ed0840c29a0f5255576d79632fab25b2442509
-
SHA512
0858f2f12e4b44ad9235f7bef3baca05754240a3f530e44d7595ed0b90b648af3c05b3116936c7d5eb3e40584d5d770d43679df2965890bd120136c1cde0554a
-
SSDEEP
12288:1dgBLD5PdTzGAdQRTVE9Nhv25xIZGT+dL/mwPzQX:2RdQbGcIZldL/DLG
Malware Config (none extracted — no family configuration was recovered from this sample)
Signatures
-
Unsigned PE — 1 IoC
The PE file carries no Authenticode signature. On its own this is a weak indicator: a great deal of legitimate software is also unsigned, and a valid signature would not by itself make a sample benign; treat it as context for the other static/behavioral findings rather than a verdict.
resource 2024-01-24_f83adf211706cae899e63e8780221b29_darkside
Files
-
2024-01-24_f83adf211706cae899e63e8780221b29_darkside.exe windows:5 windows x86 arch:x86
052c6a827abdd2128d24ba75d4a5642b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set and, per the file characteristics below, relocations are stripped, so the image is not ASLR-compatible and loads at its preferred base address; DEP/NX is opted in.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc90u
ord4815
ord1313
ord436
ord686
ord2100
ord2595
ord1688
ord1783
ord1716
ord3651
ord775
ord1696
ord6353
ord1779
ord1708
ord3627
ord750
ord1782
ord1715
ord3648
ord772
ord2286
ord1786
ord1722
ord4663
ord3278
ord3661
ord785
ord4268
ord430
ord683
ord4009
ord1686
ord4547
ord4618
ord5106
ord3070
ord5105
ord4785
ord5228
ord3551
ord4693
ord3251
ord2969
ord5616
ord1440
ord3681
ord2646
ord2645
ord2647
ord2644
ord2643
ord5656
ord5601
ord1753
ord6410
ord3354
ord4378
ord4265
ord5296
ord4800
ord4805
ord4802
ord4820
ord4823
ord4807
ord5209
ord5016
ord4596
ord4589
ord5418
ord4810
ord5214
ord4622
ord5224
ord4865
ord4866
ord4109
ord5349
ord4945
ord4946
ord5356
ord4987
ord5487
ord4861
ord4789
ord4927
ord5279
ord5407
ord4955
ord4904
ord5408
ord4942
ord5384
ord4707
ord4797
ord4798
ord5400
ord5230
ord5142
ord5239
ord5491
ord5401
ord5079
ord5382
ord4933
ord5397
ord4549
ord1376
ord2194
ord4550
ord6697
ord290
ord1329
ord6698
ord815
ord616
ord3497
ord1668
ord1769
ord3492
ord3234
ord2632
ord2637
ord2614
ord959
ord4653
ord1666
ord2275
ord4508
ord4934
ord3992
ord5938
ord4490
ord1354
ord3537
ord1581
ord936
ord293
ord1556
ord5737
ord5559
ord690
ord441
ord1314
ord6415
ord5939
ord6687
ord3515
ord1486
ord2725
ord6476
ord6203
ord2901
ord4516
ord2470
ord4741
ord4398
ord3953
ord4351
ord2360
ord4527
ord5182
ord2326
ord400
ord3534
ord2953
ord2955
ord5943
ord4159
ord4774
ord5194
ord744
ord524
ord2084
ord663
ord404
ord778
ord3654
ord4660
ord1719
ord2283
ord821
ord2082
ord2481
ord4521
ord812
ord4492
ord1250
ord1254
ord1603
ord5322
ord6065
ord5201
ord3183
ord6205
ord6355
ord4266
ord3061
ord4543
ord3165
ord1678
ord3742
ord5497
ord4992
ord6604
ord4010
ord611
ord3489
ord4652
ord1665
ord2274
ord615
ord3496
ord4654
ord1667
ord2277
ord4510
ord1601
ord2103
ord693
ord3563
ord4658
ord2280
ord6096
ord613
ord337
ord2593
ord1063
ord1248
ord1088
ord3741
ord3749
ord6187
ord3488
ord3543
ord2106
ord1183
ord333
ord2592
ord4044
ord692
ord3562
ord4657
ord1695
ord1602
ord2105
ord6791
ord1488
ord6703
ord2081
ord5867
ord2478
ord2479
ord2504
ord5979
ord4518
ord6013
ord4405
ord4519
ord1108
ord4442
ord938
ord2537
ord4631
ord2904
ord6577
ord5167
ord4131
ord4530
ord6311
ord6579
ord1938
ord654
ord595
ord3528
ord3286
ord5664
ord1493
ord6411
ord3355
ord3186
ord310
ord818
ord911
ord1608
ord305
ord3221
ord814
ord266
ord1330
ord316
ord601
ord899
ord2676
ord2695
ord6164
ord277
ord4494
ord1333
ord3399
ord2209
ord2490
ord665
ord406
ord935
ord5851
ord1315
ord813
ord664
ord405
ord12404
ord13194
ord9972
ord10457
ord10304
ord13136
ord12165
ord12617
ord7766
ord9965
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord6018
ord3115
ord4905
ord4681
ord9272
ord8452
ord5663
ord1113
ord1220
ord1098
ord4211
ord7332
ord7138
ord4043
ord2597
ord1599
ord285
ord3220
ord1607
ord265
ord799
ord286
ord3185
ord811
ord296
ord909
ord1272
ord600
ord280
ord5632
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord4702
ord2069
ord1137
ord5008
ord4000
ord639
ord374
ord3794
ord5293
ord801
msvcr90
ftell
_msize
realloc
wcsncpy_s
fseek
swscanf_s
__RTDynamicCast
_wtoi
wcstoul
memmove_s
strtol
atol
_itoa_s
_beginthreadex
vsprintf_s
_recalloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcstol
_gcvt_s
_CxxThrowException
wcsrchr
wcslen
memset
memcpy
__CxxFrameHandler3
wcscmp
_wcsicmp
calloc
_purecall
_ltow_s
_ui64tow_s
_wcstoui64
_wsplitpath_s
_wtol
strcpy_s
toupper
_wtof
fwrite
_wfopen_s
memcpy_s
wcstombs_s
wcscat_s
malloc
fread
setlocale
fclose
free
?what@exception@std@@UBEPBDXZ
exit
wcscpy_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
atoi
_wcsnicmp
printf
kernel32
lstrcpyW
GetUserDefaultLangID
GetSystemDefaultLangID
lstrlenW
SetLastError
LoadLibraryW
GetProcAddress
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
FindFirstFileW
MulDiv
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
WideCharToMultiByte
CreateEventW
GlobalLock
GlobalUnlock
GlobalFree
ResumeThread
GlobalAlloc
CreateDirectoryW
SizeofResource
LockResource
WaitForSingleObject
SetEvent
ResetEvent
MultiByteToWideChar
FreeLibrary
lstrlenA
GetProcessHandleCount
lstrcatW
FormatMessageW
LocalFree
GetLocalTime
GetComputerNameW
QueryDosDeviceW
lstrcmpiW
GetLogicalDriveStringsW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
Thread32Next
OpenThread
Thread32First
GetCurrentProcessId
InterlockedExchange
UnmapViewOfFile
MapViewOfFile
InterlockedCompareExchange
GetStartupInfoW
CreateFileMappingW
GetFileSize
CloseHandle
CreateFileW
CopyFileW
SetUnhandledExceptionFilter
GetCurrentThreadId
GetTempFileNameW
GetSystemDirectoryW
GetTempPathW
RemoveDirectoryW
DeleteFileW
GetFileAttributesW
GetModuleFileNameW
VirtualProtect
Sleep
GetModuleHandleW
CreateThread
ExitThread
TerminateThread
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
LoadResource
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetLastError
VirtualAlloc
VirtualFree
FindResourceW
user32
LoadImageW
GetSystemMetrics
ReleaseDC
SendMessageW
GetClientRect
wsprintfW
DrawFocusRect
CopyRect
GetSysColor
FillRect
CreateIconFromResourceEx
CreateIconFromResource
GetFocus
SetFocus
GetParent
GetWindowRect
GetDC
GetKeyState
IsWindowVisible
PostMessageW
GetActiveWindow
SetRect
IsWindow
RegisterHotKey
SetActiveWindow
SetParent
KillTimer
UnregisterHotKey
GetNextDlgTabItem
DestroyIcon
LoadIconW
SetLayeredWindowAttributes
BringWindowToTop
CloseWindow
CopyImage
IsRectEmpty
SendMessageTimeoutW
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
EnumWindows
GetDesktopWindow
GetClassInfoW
InvalidateRect
MessageBoxW
wsprintfA
EnableWindow
SetTimer
GetWindowLongW
PtInRect
SetWindowLongW
gdi32
DeleteDC
CreateFontIndirectW
GetStockObject
BitBlt
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
SelectObject
GetObjectW
CreateSolidBrush
CreateFontW
CreateCompatibleDC
msimg32
AlphaBlend
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
comctl32
InitCommonControlsEx
ole32
CreateStreamOnHGlobal
oleaut32
OleLoadPicture
msvcp90
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
psapi
EnumProcessModules
GetProcessImageFileNameW
GetProcessMemoryInfo
GetModuleFileNameExW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
ws2_32
WSAStartup
WSACleanup
send
closesocket
WSAGetLastError
socket
setsockopt
htonl
bind
gethostbyname
inet_addr
htons
select
recv
connect
Sections
.text Size: 388KB - Virtual size: 387KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 367KB - Virtual size: 367KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ