divinedoors[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

divinedoors.exe
Size

10.3MB
MD5

58202121557645c53493e8565b1dd22a
SHA1

571e0c854428a1cdcebadce7ae81bd362b4f84af
SHA256

00366d8fc49579145dcafdf1eec6a1830d888b9faf51d00b4d99786184654145
SHA512

375ad6eb4cd7e16e80ceb0ae5a34d624fa09a41384131dad24819ca9c3eb11b257891a35fff5eea9dfab52af3f254e2e69945a954a79006b45dc433414bb3b06
SSDEEP

196608:xm27rJTJbrOFBQY7qcyRTwsJ0lD/u3s87w:FtTJbrOFBQY7qR9LJ0lD/u3s87w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
divinedoors.exe

Files

divinedoors.exe
.exe windows:6 windows x64 arch:x64

994f081932944ecf054a1f4429981442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACloseEvent
WSASend
WSAEnumNetworkEvents
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
shutdown
getsockopt
connect
closesocket
bind
WSAEventSelect
getsockname
WSASocketW
ioctlsocket
setsockopt
WSAIoctl
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
ntohs
htons
socket
__WSAFDIsSet
select
accept
htonl
listen
WSAGetLastError
send
getpeername

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertDuplicateStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CryptUnprotectData
CertCloseStore
CertFreeCertificateContext

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
DecryptMessage
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityContext
FreeCredentialsHandle

kernel32

GetTempPathA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
HeapSize
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
DeleteFileA
GetDiskFreeSpaceA
SystemTimeToFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
CloseHandle
GetUserPreferredUILanguages
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SwitchToThread
TryAcquireSRWLockExclusive
GetLastError
GetCurrentThread
CreateMutexA
GetSystemInfo
GetCurrentProcess
IsWow64Process
lstrcmpiW
WaitForSingleObject
SetFilePointerEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetExitCodeProcess
FindClose
DuplicateHandle
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetCurrentProcessId
Thread32First
Thread32Next
OpenThread
GetModuleHandleA
VirtualProtect
GetComputerNameW
ReadProcessMemory
VirtualAlloc
FormatMessageW
GetCurrentThreadId
SuspendThread
TerminateThread
GetTickCount
Sleep
DeleteFileW
GetFileInformationByHandleEx
FindNextFileW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SetHandleInformation
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
LocalFree
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetTickCount64
GetLogicalDrives
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetComputerNameExW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventA
GetSystemDirectoryA

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoTaskMemFree

oleaut32

SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysAllocString
VariantClear
GetErrorInfo
SysStringLen
SysAllocStringLen
SafeArrayGetLBound

advapi32

GetUserNameW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
RegCloseKey
SystemFunction036
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
RegSetValueExW
GetTokenInformation
OpenProcessToken

ntdll

NtOpenFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlGetVersion
NtQueryInformationThread
NtQueryInformationProcess
RtlGetCurrentPeb
NtResumeThread
NtWriteFile
NtSetInformationThread
NtReadFile
NtCreateFile
NtQuerySystemInformation

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

psapi

GetModuleFileNameExW
GetPerformanceInfo
GetModuleInformation
GetModuleBaseNameW
EnumProcessModulesEx

bcrypt

BCryptGenRandom

iphlpapi

GetIfTable2
GetAdaptersAddresses
FreeMibTable
GetIfEntry2

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo

pdh

PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

vcruntime140

__CxxFrameHandler3
memset
memmove
_CxxThrowException
strchr
strrchr
memchr
strstr
__C_specific_handler
__current_exception
__current_exception_context
memcpy
memcmp

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strspn
strpbrk
wcslen
strcmp
strncpy
_strdup
strlen

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
realloc
_msize
calloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
_fdopen
log

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_crt_atexit
_get_initial_narrow_environment
_configure_narrow_argv
_initterm
_initterm_e
_register_onexit_function
_initialize_onexit_table
exit
_exit
__p___argc
__p___argv
_cexit
__sys_nerr
__sys_errlist
_errno
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
terminate
_endthreadex
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtoll
atoi
wcstombs

api-ms-win-crt-stdio-l1-1-0

fputc
fflush
ftell
_close
_fileno
_write
_read
feof
__p__commode
__stdio_common_vswprintf
__stdio_common_vsprintf
_set_fmode
fputs
fclose
_lseeki64
fseek
fgets
_open
fopen
__stdio_common_vsscanf
__acrt_iob_func
fread
fwrite
_fseeki64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_unlink
_stat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

994f081932944ecf054a1f4429981442

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

secur32

kernel32

shell32

ole32

oleaut32

advapi32

ntdll

wininet

psapi

bcrypt

iphlpapi

netapi32

pdh

powrprof

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.3MB - Virtual size: 7.3MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 27KB - Virtual size: 31KB

.pdata Size: 280KB - Virtual size: 279KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 7.3MB - Virtual size: 7.3MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 27KB - Virtual size: 31KB

.pdata
Size: 280KB - Virtual size: 279KB

.reloc
Size: 47KB - Virtual size: 47KB