058b831099c93ba59538362b762940a18b0cf89d82ab0c166855f73150054b23

Sharing

Copy URL Twitter E-mail

General

Target

058b831099c93ba59538362b762940a18b0cf89d82ab0c166855f73150054b23
Size

6.6MB
MD5

820575f6735ab0982d289f45c95f7cc1
SHA1

9d12c3409e1c1ebb66b84634bb4867587d546930
SHA256

058b831099c93ba59538362b762940a18b0cf89d82ab0c166855f73150054b23
SHA512

8af2d1c7c41d41455f0262b5949a9e6a7732c683412b3e2580c36e2ecb972d6bccf337b65a1ec267e7b1885b0dc57c742933edd5c5f471257951ab492ca01433
SSDEEP

98304:8Xda4fihsblWqs4E6sluKIk3XqaX9y+MRwv:StDUqs4E6skKIkqCgIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
058b831099c93ba59538362b762940a18b0cf89d82ab0c166855f73150054b23

Files

058b831099c93ba59538362b762940a18b0cf89d82ab0c166855f73150054b23
.exe windows:6 windows x64 arch:x64

3372e98fa3717ad4887f97d0b20116db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\4\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
SetHandleInformation
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
RtlVirtualUnwind
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

accept
listen
connect
bind
WSASocketW
getpeername
getsockname
getaddrinfo
getsockopt
WSACleanup
WSAStartup
send
WSASend
setsockopt
WSAIoctl
socket
WSAGetLastError
freeaddrinfo
shutdown
ioctlsocket
recv
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
SystemFunction036
ConvertSidToStringSidA
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegQueryValueExW

psapi

GetModuleFileNameExA

oleaut32

SysFreeString
SysStringLen
GetErrorInfo

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3372e98fa3717ad4887f97d0b20116db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

psapi

oleaut32

bcrypt

ntdll

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 16KB - Virtual size: 22KB

.pdata Size: 219KB - Virtual size: 219KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 16KB - Virtual size: 22KB

.pdata
Size: 219KB - Virtual size: 219KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 53KB - Virtual size: 52KB