Static task
static1
General
-
Target
divinedoors.exe
-
Size
10.3MB
-
MD5
a50a867404f9d62b85759e4be375f0ad
-
SHA1
e370384b8c5f76d9eb51492b9bec9dfdbb2a032e
-
SHA256
694fb96834aa42b81be88c309b9518d284813c60541a48f6e945e21e71df09ee
-
SHA512
0caf88217db36841d682f8caec0b242a01a8691b4151cb4e7470eaa087fb720cd0f8979b3e42daf8ca928a77bf32f60b23ee67338b18116ff3c4beffb2954c7a
-
SSDEEP
196608:mG/CzllRn2N6g8IWcnAkdTtMRZUEz3uNJgYRzy:9/8lb2N6g8IWcnAuRqZUEz3ufgYB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. Treat this as a weak indicator on its own: many legitimate binaries ship unsigned, and a valid signature does not prove a file is benign, so corroborate it with the hashes above and the imports listed below rather than classifying on this signature alone.
resource divinedoors.exe
Files
-
divinedoors.exe.exe windows:6 windows x64 arch:x64
468e5e515543519715bcdd964cc46582
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
WSACloseEvent
WSASend
WSAEnumNetworkEvents
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
shutdown
getsockopt
connect
closesocket
bind
WSAEventSelect
getsockname
WSASocketW
ioctlsocket
setsockopt
WSAIoctl
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
ntohs
htons
socket
__WSAFDIsSet
select
accept
htonl
listen
WSAGetLastError
send
getpeername
crypt32
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertDuplicateStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CryptUnprotectData
secur32
LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
DecryptMessage
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityContext
FreeCredentialsHandle
kernel32
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
FlushViewOfFile
HeapSize
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
DeleteFileA
GetFileAttributesExW
SystemTimeToFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
CloseHandle
GetUserPreferredUILanguages
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FindClose
SetFilePointerEx
GetLastError
GetCurrentThread
CreateMutexA
GetSystemInfo
GetCurrentProcess
IsWow64Process
lstrcmpiW
WaitForSingleObject
AddVectoredExceptionHandler
SetThreadStackGuarantee
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetExitCodeProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
SwitchToThread
TryAcquireSRWLockExclusive
DeleteFileW
GetFileInformationByHandleEx
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetCurrentProcessId
Thread32First
Thread32Next
OpenThread
GetModuleHandleA
VirtualProtect
GetComputerNameW
ReadProcessMemory
VirtualAlloc
FormatMessageW
DuplicateHandle
GetCurrentThreadId
SuspendThread
TerminateThread
GetTickCount
Sleep
CreateWaitableTimerExW
SetWaitableTimer
FindNextFileW
CreateDirectoryW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SetHandleInformation
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
QueryPerformanceFrequency
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
LocalFree
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetTickCount64
GetLogicalDrives
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetComputerNameExW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventA
GetSystemDirectoryA
shell32
SHGetKnownFolderPath
CommandLineToArgvW
ole32
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
ntdll
NtQueryInformationProcess
NtResumeThread
RtlGetVersion
RtlGetCurrentPeb
RtlNtStatusToDosError
NtDeviceIoControlFile
NtWriteFile
NtCreateFile
NtSetInformationThread
NtOpenFile
NtCancelIoFileEx
NtQueryInformationThread
NtReadFile
NtQuerySystemInformation
wininet
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
advapi32
RegSetValueExW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
RegCloseKey
SystemFunction036
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
psapi
GetModuleBaseNameW
GetPerformanceInfo
GetModuleFileNameExW
GetModuleInformation
EnumProcessModulesEx
oleaut32
SafeArrayGetUBound
SysFreeString
VariantClear
GetErrorInfo
SysStringLen
SafeArrayAccessData
SysAllocStringLen
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocString
bcrypt
BCryptGenRandom
iphlpapi
GetIfEntry2
GetAdaptersAddresses
FreeMibTable
GetIfTable2
netapi32
NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree
pdh
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery
PdhOpenQueryA
PdhRemoveCounter
PdhCollectQueryData
powrprof
CallNtPowerInformation
vcruntime140
memcmp
memset
memmove
_CxxThrowException
strchr
strrchr
memchr
strstr
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
memcpy
api-ms-win-crt-string-l1-1-0
strcspn
strncmp
strspn
strpbrk
wcslen
strcmp
strncpy
_strdup
strlen
api-ms-win-crt-heap-l1-1-0
malloc
realloc
free
_set_new_mode
_msize
calloc
api-ms-win-crt-math-l1-1-0
_fdopen
log
pow
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_c_exit
_crt_atexit
terminate
_get_initial_narrow_environment
_register_onexit_function
_initterm
_register_thread_local_exe_atexit_callback
exit
_exit
__p___argc
_initialize_narrow_environment
__p___argv
__sys_nerr
__sys_errlist
_errno
_initialize_onexit_table
_beginthreadex
_set_app_type
_initterm_e
_cexit
_configure_narrow_argv
_endthreadex
_seh_filter_exe
api-ms-win-crt-convert-l1-1-0
wcstombs
atoi
strtol
strtoul
strtoll
api-ms-win-crt-stdio-l1-1-0
fputc
fflush
ftell
_close
_fileno
_write
_read
feof
__p__commode
__stdio_common_vswprintf
__stdio_common_vsprintf
_set_fmode
fputs
fclose
_lseeki64
fseek
fgets
_open
fopen
__stdio_common_vsscanf
__acrt_iob_func
fread
fwrite
_fseeki64
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_localtime64_s
strftime
_gmtime64
_time64
api-ms-win-crt-filesystem-l1-1-0
_access
_unlink
_stat64
_fstat64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 7.4MB - Virtual size: 7.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ