divinedoors[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

divinedoors.exe
Size

10.3MB
MD5

4a3649b4c3c55a312f6aff69a92dbded
SHA1

7f092d459dd91c77ed0bed4ae9b2bb89b658dc0d
SHA256

8152a6bdd8f02a955ef53fa92b97c36f0273055a09903add6689a07cfc4e4100
SHA512

79c3b2b994a8f824e84fd401fe943125bc24032235cd820c327337f3cbc8260ad74aeb10ff920bb39e7c7723cf8ec3075ecb6f881668f4cb36f01de5dfcec115
SSDEEP

196608:azdrKZQPGssVk2HIsD+yGNvOvvuGqFYKT:a5eZQPGssVk2Hr6fNvOvvuG6YKT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
divinedoors.exe

Files

divinedoors.exe
.exe windows:6 windows x64 arch:x64

c28b0e11d6db79c1cf0ca3736a445f79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACloseEvent
WSASend
WSAEnumNetworkEvents
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
shutdown
getsockopt
connect
closesocket
bind
WSAEventSelect
getsockname
WSASocketW
ioctlsocket
setsockopt
WSAIoctl
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
ntohs
htons
socket
__WSAFDIsSet
select
accept
htonl
listen
WSAGetLastError
send
getpeername

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertDuplicateStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CryptUnprotectData

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
DecryptMessage
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityContext
FreeCredentialsHandle

kernel32

GetTempPathA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
HeapSize
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
DeleteFileA
GetDiskFreeSpaceA
SystemTimeToFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
CloseHandle
GetUserPreferredUILanguages
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteFileW
GetLastError
GetFileInformationByHandleEx
SetFilePointerEx
FindClose
GetCurrentProcessId
SwitchToThread
GetTickCount
Sleep
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
Thread32First
GetCurrentThreadId
OpenThread
SuspendThread
TerminateThread
Thread32Next
FindNextFileW
TryAcquireSRWLockExclusive
GetModuleHandleA
GetSystemInfo
VirtualProtect
GetComputerNameW
ReadProcessMemory
GetCurrentProcess
IsWow64Process
VirtualAlloc
FormatMessageW
GetCurrentThread
CreateMutexA
lstrcmpiW
WaitForSingleObject
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetExitCodeProcess
CreateDirectoryW
DuplicateHandle
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SetHandleInformation
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
LocalFree
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetTickCount64
GetLogicalDrives
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetComputerNameExW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventA
GetSystemDirectoryA

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

advapi32

GetTokenInformation
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
GetUserNameW
RegEnumKeyExW
RegQueryValueExW
IsValidSid
RegCloseKey
SystemFunction036
CopySid
LookupAccountSidW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
OpenProcessToken
CryptAcquireContextA
GetLengthSid

oleaut32

GetErrorInfo
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound

ntdll

RtlGetCurrentPeb
NtResumeThread
NtOpenFile
NtSetInformationThread
RtlNtStatusToDosError
NtQuerySystemInformation
NtQueryInformationThread
RtlGetVersion
NtQueryInformationProcess
NtReadFile
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
NtWriteFile

psapi

EnumProcessModulesEx
GetModuleInformation
GetPerformanceInfo
GetModuleBaseNameW
GetModuleFileNameExW

bcrypt

BCryptGenRandom

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA

iphlpapi

FreeMibTable
GetIfTable2
GetAdaptersAddresses
GetIfEntry2

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhAddEnglishCounterW
PdhOpenQueryA

powrprof

CallNtPowerInformation

vcruntime140

__CxxFrameHandler3
memset
memmove
_CxxThrowException
strchr
strrchr
memchr
strstr
__C_specific_handler
__current_exception
__current_exception_context
memcpy
memcmp

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strncpy
wcslen
strcmp
strspn
_strdup
strpbrk
strlen

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
realloc
_set_new_mode
_msize

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr
_fdopen
log

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_endthreadex
terminate
_seh_filter_exe
_crt_atexit
__sys_errlist
_register_onexit_function
_configure_narrow_argv
_initialize_onexit_table
_initialize_narrow_environment
exit
_get_initial_narrow_environment
_initterm
_errno
_set_app_type
__sys_nerr
_exit
__p___argc
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
_cexit
_initterm_e

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
atoi
strtoul
wcstombs

api-ms-win-crt-stdio-l1-1-0

fgets
_open
_set_fmode
fopen
_lseeki64
__stdio_common_vsprintf
__p__commode
fputc
__stdio_common_vsscanf
fflush
ftell
feof
__stdio_common_vswprintf
_read
_write
_fileno
_close
fputs
fclose
fseek
__acrt_iob_func
fread
fwrite
_fseeki64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_time64
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64
_access
_fstat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c28b0e11d6db79c1cf0ca3736a445f79

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

secur32

kernel32

shell32

ole32

advapi32

oleaut32

ntdll

psapi

bcrypt

wininet

iphlpapi

netapi32

pdh

powrprof

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.3MB - Virtual size: 7.3MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 27KB - Virtual size: 31KB

.pdata Size: 280KB - Virtual size: 279KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 7.3MB - Virtual size: 7.3MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 27KB - Virtual size: 31KB

.pdata
Size: 280KB - Virtual size: 279KB

.reloc
Size: 47KB - Virtual size: 47KB