bitrat | 71eb4c27855079bd19866cba9ef2c5f1

Sharing

Copy URL

Twitter E-mail

General

Target

71eb4c27855079bd19866cba9ef2c5f1
Size

3.8MB
MD5

71eb4c27855079bd19866cba9ef2c5f1
SHA1

ba7f626452323d85f20fb796b6e6d435a979e9ec
SHA256

48c51dddfa0bca653fe6adc5c0508fe9ffdd38f297599027d1664e4a79ebff8a
SHA512

ddbda8e486e0db5143160037e906a76c34bb891194e2671f21ff4d82b1a5d14c81ded7a5dc3336e726e80e384e1948a0b79a5243a753dfac8c8cad5f465a1d5f
SSDEEP

49152:gXUIEeZzdeh/c7p1rNdd+JNEj0ykdj21x1YhFlX4bA/Hg/11VzeLG/7wqNKB2VIN:gXrEeZzdhjuV/gd1VzsGUqNKTHvQejR

Score

10^/10

bitrat

Malware Config

Extracted

Family

bitrat

Version

1.35

hureseyd.top:443

Attributes

communication_password
25d55ad283aa400af464c76d713c07ad
install_dir
Microsoft Defender Updates
install_file
msdefender.exe
tor_process
tor

Signatures

Bitrat family
bitrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

71eb4c27855079bd19866cba9ef2c5f1

resource
71eb4c27855079bd19866cba9ef2c5f1

Files

71eb4c27855079bd19866cba9ef2c5f1
.exe windows:5 windows x86 arch:x86

71955ccbbcbb24efa9f89785e7cce225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
PostQueuedCompletionStatus
FormatMessageW
GetLastError
SetEvent
TlsAlloc
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
TlsFree
FormatMessageA
CreateEventA
GetCurrentProcess
GetSystemTimes
GetTickCount64
GetProcessTimes
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
CreateEventW
MultiByteToWideChar
TerminateThread
QueueUserAPC
GetProcAddress
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
GetSystemTimeAsFileTime
CreateIoCompletionPort
CreateDirectoryW
ReadFile
SizeofResource
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
WriteProcessMemory
FindFirstFileExW
SetPriorityClass
VirtualFree
GetFullPathNameW
FindNextFileW
lstrlenW
WriteFile
Wow64DisableWow64FsRedirection
GetSystemDefaultUILanguage
GetDiskFreeSpaceW
VirtualAlloc
TerminateProcess
GetDriveTypeA
GetModuleFileNameW
GetUserDefaultLocaleName
GetProcessId
K32GetModuleFileNameExW
GetProductInfo
Thread32Next
GetTempPathW
CreateMutexW
Thread32First
FindClose
GetLocaleInfoW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
K32GetProcessImageFileNameW
SuspendThread
GetSystemDirectoryW
ResumeThread
lstrcatA
OpenProcess
SetFileAttributesW
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Sleep
CopyFileA
Process32NextW
K32GetProcessMemoryInfo
CreateFileA
GetCurrentThread
LoadLibraryA
LockResource
GlobalAlloc
Process32FirstW
GlobalFree
GetNativeSystemInfo
GetSystemInfo
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
SetFileAttributesA
GetThreadContext
GetPriorityClass
GlobalLock
VirtualAllocEx
MoveFileExW
GetFileSize
ExitProcess
ReadProcessMemory
GetComputerNameW
FindFirstStreamW
GetCurrentProcessId
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
GetModuleHandleW
WinExec
CreateRemoteThread
QueryFullProcessImageNameW
CreateProcessA
DebugBreak
SetThreadContext
FindNextStreamW
GetTickCount
GlobalUnlock
GetDriveTypeW
GetFileTime
OpenThread
GetExitCodeProcess
Beep
CreatePipe
PeekNamedPipe
GetStartupInfoA
lstrcpyA
CreateThread
CreateTimerQueueTimer
VirtualProtect
GetCommandLineW
DeviceIoControl
GetEnvironmentVariableW
GetExitCodeThread
FreeLibrary
IsDebuggerPresent
CreateTimerQueue
EncodePointer
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
QueryPerformanceCounter
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetStringTypeW
GetCPInfo
CompareStringW
LCMapStringW
OutputDebugStringW
InitializeCriticalSection
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ResetEvent
ReleaseSemaphore
OpenEventA
GetLogicalProcessorInformation
GetCurrentDirectoryW
DeleteFileW
RemoveDirectoryW
CreateDirectoryExW
GetFileSizeEx
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
RtlUnwind
SetConsoleCtrlHandler
ExitThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
WriteConsoleW
SetEnvironmentVariableA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryExA

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

71955ccbbcbb24efa9f89785e7cce225

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 687KB - Virtual size: 686KB

.data Size: 72KB - Virtual size: 103KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.reloc Size: 146KB - Virtual size: 146KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 687KB - Virtual size: 686KB

.data
Size: 72KB - Virtual size: 103KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 146KB - Virtual size: 146KB