andardoor | 8daa6b20caf4bf384cc7912a73f243ce6e2f07a5cb3b3e95303db931c3fe339f

Sharing

Copy URL

Twitter E-mail

General

Target

8daa6b20caf4bf384cc7912a73f243ce6e2f07a5cb3b3e95303db931c3fe339f
Size

140KB
MD5

0a09b7f2317b3d5f057180be6b6d0755
SHA1

dfe5d75ed31b6cfc2cceebb1404d3eabc02f0021
SHA256

8daa6b20caf4bf384cc7912a73f243ce6e2f07a5cb3b3e95303db931c3fe339f
SHA512

03391a7d40a4af3ea61ad18662b47f3b68a8a508590c71d10d60ecd958376c1ac741d9972f3e6486c70f645e70b7401b01e272f1fe12d3ca5f0fba0c577f04ab
SSDEEP

3072:6hOJKdwPHuGj5JyOMhZleupcr776bScyicbYDWIG4faOvSK:N0w5yOMnTpcrf4l/oYE

Score

10^/10

andardoor

Malware Config

Signatures

Andardoor family
andardoor

Detects Andardoor payload 1 IoCs

resource	yara_rule
sample	family_andardoor_v1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8daa6b20caf4bf384cc7912a73f243ce6e2f07a5cb3b3e95303db931c3fe339f

Files

8daa6b20caf4bf384cc7912a73f243ce6e2f07a5cb3b3e95303db931c3fe339f
.exe windows:6 windows x64 arch:x64

0f5fc47d8bdbdd3a7fd1dff401388a5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
GetLogicalDrives
FindFirstFileW
FindNextFileW
FindClose
LocalAlloc
CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
DeleteFileW
LocalSize
LocalFree
GetFileSize
LocalReAlloc
GetDriveTypeW
GetComputerNameW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
TerminateProcess
CreatePipe
PeekNamedPipe
GetSystemDirectoryW
CreateProcessW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
CreateDirectoryW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetTempPathA
WriteFile
GetModuleFileNameA
DeleteCriticalSection
CreateThread
CloseHandle
Sleep
InitializeCriticalSection
GetProcessHeap
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetStringTypeW
GetFileType
WriteConsoleW
HeapAlloc
HeapFree
GetACP
GetModuleHandleExW
ExitProcess
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

GetDesktopWindow
ReleaseDC
wsprintfW
GetForegroundWindow
GetDC
GetWindowInfo

gdi32

DeleteDC
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
SelectObject
GetDIBits
DeleteObject

advapi32

GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteA
SHGetFileInfoW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit

ws2_32

closesocket
gethostbyname
WSACleanup
WSAStartup
send
socket
connect
recv
htons
shutdown
WSAIoctl
setsockopt

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f5fc47d8bdbdd3a7fd1dff401388a5e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

gdiplus

iphlpapi

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 5KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 192B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 192B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB