cryptbot | 1696-75-0x00000000003A0000-0x000000000045D000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

1696-75-0x00000000003A0000-0x000000000045D000-memory.dmp
Size

756KB
MD5

3a89ede6c136367871a65fb1ee0e004c
SHA1

762aa9bc06f8a1e57dad1f8429f96e61250d5bf7
SHA256

6a098e4e0b55ca97bf2c4d98ba7d7ad084b01c133a0a25a6068b7c3b973fb7c2
SHA512

25d0f3c6f7bf6a28eef95975119b1ac1b0593168b8bc2b6ebbabdc6444075c3841f304d0e29c2ac3fa4c9378b604949480c17ff5a8c5635aa670b4cef7d64efe
SSDEEP

12288:T6z+c2YlYyWH4gNngLily7aNflaPElqenb/d+RYOIjQLCw2+pIXd3UUfhvChn53/:uI4gNnrUaTCElqen7QyOIjQLl2S4d3Xc

Score

10^/10

cryptbot

Malware Config

Extracted

Family

cryptbot

http://fygbib44.top/gate.php

Signatures

Cryptbot family
cryptbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1696-75-0x00000000003A0000-0x000000000045D000-memory.dmp

Files

1696-75-0x00000000003A0000-0x000000000045D000-memory.dmp
.exe windows:6 windows x86 arch:x86

1ba8890870a33e6a5652a3b4669d2447

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
CreateFileW
DeleteFileW
GetFileSize
lstrcmpW
SetFilePointer
GetCurrentThreadId
LocalAlloc
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
LocalFree
FreeLibrary
CreateDirectoryW
GetModuleFileNameW
SetErrorMode
GetTempPathW
WaitForSingleObject
GetModuleHandleA
GlobalAlloc
GlobalFree
ExitProcess
GetComputerNameW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
GetFileAttributesW
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
FindNextFileW
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
lstrlenW
GetTempFileNameW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindFirstFileW
ReadFile
GlobalMemoryStatus
GetCurrentProcess
GetDiskFreeSpaceExA
GetProcAddress
GetLogicalDriveStringsA
GetLocalTime
LoadLibraryW
GetSystemInfo
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
GetEnvironmentVariableW
GetDriveTypeA
GetModuleHandleExW
GetSystemDefaultLCID
GetLogicalDrives
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
GetFileType
GetACP
GetStdHandle
GetTickCount
GetModuleHandleW
CloseHandle
Process32FirstW
Process32NextW
Sleep
CreateToolhelp32Snapshot
CreateFileA
GetModuleFileNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
RaiseException
LoadLibraryExW
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
ReadConsoleW

user32

ReleaseDC
SetThreadDesktop
MessageBoxW
GetWindowRect
GetDesktopWindow
OpenWindowStationA
SetProcessWindowStation
OpenInputDesktop
GetWindowDC
GetProcessWindowStation
GetThreadDesktop

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject

advapi32

GetTokenInformation
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
ConvertSidToStringSidW
GetUserNameW
RegQueryValueExW

shell32

SHFileOperationW
ShellExecuteExW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal

crypt32

CryptUnprotectData
CertFindChainInStore
CertOpenSystemStoreA
CertGetCertificateChain
CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

wininet

InternetSetOptionA
HttpEndRequestA
InternetWriteFile
HttpOpenRequestA
HttpSendRequestExA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

ws2_32

send
WSAGetLastError
getaddrinfo
closesocket
WSACleanup
ioctlsocket
freeaddrinfo
recv
connect
socket
WSAStartup

Sections

.text
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1ba8890870a33e6a5652a3b4669d2447

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

crypt32

wininet

ws2_32

Sections

.text Size: 564KB - Virtual size: 564KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 36KB - Virtual size: 36KB

.tls Size: 4KB - Virtual size: 4KB

.gfids Size: 4KB - Virtual size: 4KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 564KB - Virtual size: 564KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 36KB - Virtual size: 36KB

.tls
Size: 4KB - Virtual size: 4KB

.gfids
Size: 4KB - Virtual size: 4KB

.reloc
Size: 24KB - Virtual size: 24KB