Edebiyat[.]rar

Resubmissions

29/03/2024, 12:38

240329-pt1nxahe42 7

Sharing

Copy URL Twitter E-mail

General

Target

Edebiyat.rar
Size

16.1MB
MD5

b00b306b3971dbb165db315d9872da91
SHA1

bc4ec817a6f8474ee332c2ae2a3aced4e700c1ae
SHA256

f85bb7e93fa81261bef931223fa95529b07aeee4b3cfd9def73281e113d17385
SHA512

e61e8101703d0dcd16ca4391194d2ccd2ae2e66dda6a2ca1dcc4eaf7d3952ee46bc7f7057c69d0c5272781da82a2a9540d8d5b7a5da2550fcd7afb44f3483cf4
SSDEEP

393216:1B2S6aNuzh1wGCigV9NxyN8Jeh/6lrFgGjaN8+44vznOX:1B2S6aAh1cXyuJE/69ON8+vq

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Edebiyat/Injector.exe	pyinstaller

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Edebiyat/0dil3hgnt7k6.exe
unpack001/Edebiyat/Injector.exe

Files

Edebiyat.rar
.rar
Edebiyat/0dil3hgnt7k6.exe
.exe windows:6 windows x64 arch:x64

a98fcc30097a9893402b8be27c43a74b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dx9_43

D3DXMatrixTranspose

dwmapi

DwmExtendFrameIntoClientArea

user32

FindWindowA
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DispatchMessageA
LoadCursorA
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetWindowThreadProcessId
GetWindowRect

kernel32

HeapReAlloc
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
ExitProcess
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
WriteProcessMemory
ReadProcessMemory
GetModuleFileNameA
SetConsoleTitleA
GetCurrentProcess
GetTickCount64
K32GetModuleBaseNameA
Process32First
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
VirtualProtectEx
GetModuleHandleA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
IsValidCodePage
AreFileApisANSI
GetLastError
GetModuleHandleW
MoveFileExW
GetFileInformationByHandleEx
LocalFree
FormatMessageA
GetLocaleInfoEx
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
SetEndOfFile
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
TlsGetValue
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEnvironmentVariableW
SetStdHandle
HeapSize
WriteConsoleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext

d3dcompiler_43

D3DCompile

Sections

.text
Size: 701KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Edebiyat/Injector.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cstealer.pyc
Edebiyat/config.json
Edebiyat/start.bat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a98fcc30097a9893402b8be27c43a74b

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dx9_43

dwmapi

user32

kernel32

imm32

d3dcompiler_43

Sections

.text Size: 701KB - Virtual size: 701KB

.rdata Size: 649KB - Virtual size: 648KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 28KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 3KB - Virtual size: 3KB

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 701KB - Virtual size: 701KB

.rdata
Size: 649KB - Virtual size: 648KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 2KB - Virtual size: 1KB