STUB_X64[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

STUB_X64.bin
Size

396KB
MD5

8fd8d18b793b92f401466f2d201e0d47
SHA1

27860be374e77619865ae968b4f1e0bf8706a52c
SHA256

ce7b7225db316dc552e3aae7e1f8c2444d8d50867805406907546e4b42b8ed5b
SHA512

30da34227d6faa270bc57eaf3ceb7d9a0f822fde1a0b0dca2a8cba63a09064832bacdc8adbdae72dbf9bc9c9b10b01327e3c50773ad41e957c816cb7ae2b0a89
SSDEEP

6144:oBX9MsrBNjBXRC7eRtqdQx6PBr5flriOdksStQ:I9MKtXRC6RtKJ9Nra

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
STUB_X64.bin

Files

STUB_X64.bin
.exe windows:6 windows x64 arch:x64

9fff592d58447bde416fe91813ceb498

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Documents\Work\DemProject\Output\Clientx64\Release\Clientx64_Release_x64.pdb

Imports

kernel32

GetComputerNameA
CreateMutexA
WaitForSingleObject
GetCurrentDirectoryA
GetFileAttributesA
CreateProcessA
GetDiskFreeSpaceExA
ReadFile
WriteProcessMemory
HeapFree
TerminateProcess
Wow64SetThreadContext
Wow64GetThreadContext
ResumeThread
CreateFileA
HeapAlloc
GetThreadContext
VirtualAllocEx
GetFileSize
ReadProcessMemory
GetProcessHeap
SetThreadContext
IsWow64Process
TerminateThread
CreateThread
WriteConsoleW
SetEndOfFile
MapViewOfFile
HeapSize
CreateFileW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
CreateFileMappingA
CloseHandle
GetLastError
UnmapViewOfFile
CreateDirectoryA
Sleep
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
SetCurrentDirectoryA
GetLocaleInfoW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW

user32

RegisterClassExW
SendMessageW
PostQuitMessage
EndPaint
BeginPaint
LoadCursorW
LoadIconW
TranslateMessage
TranslateAcceleratorW
GetMessageW
DispatchMessageW
DestroyWindow
CreateWindowExW
DefWindowProcW
LoadAcceleratorsW
LoadStringW

advapi32

RegOpenKeyExA
RegCloseKey
GetCurrentHwProfileA
RegQueryValueExA
GetUserNameA

shell32

ShellExecuteA

ws2_32

send
WSACleanup
closesocket
htons
recv
connect
socket
WSAStartup
gethostbyname

iphlpapi

GetAdaptersInfo

shlwapi

PathFindFileNameA

Exports

Exports

cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fff592d58447bde416fe91813ceb498

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

shlwapi

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 2KB - Virtual size: 2KB