soulsearcher | 3cb4887bec169c75f58bc4ed1c6fd3703cc46512596e62186cf8329448dbb47b

Sharing

Copy URL Twitter E-mail

General

Target

3cb4887bec169c75f58bc4ed1c6fd3703cc46512596e62186cf8329448dbb47b
Size

107KB
MD5

f60562e3b95449607711111b8dd2ac99
SHA1

ed690a7bcdf3332fe83ad15f004083f6224f9b98
SHA256

3cb4887bec169c75f58bc4ed1c6fd3703cc46512596e62186cf8329448dbb47b
SHA512

9b4f16aa056ebfb15c2fed6fb4caa0bfde4bd15ec7f83e2f7346ec4d862eff56e90014d3cb23e525707472ca8eb0a6a25b89e061040f2b988c9f9cb6cca76bb2
SSDEEP

1536:n+1tHtYR7Nmj6NZ0+uBTBTRYK1x9+IuTR/IjzLyIkM1U5ZjSrIDRo:n+1O4jf+0YmLu1/Oz1SZjSrIDS

Score

10^/10

soulsearcher

Malware Config

Signatures

Detect SoulSearcher backdoor 1 IoCs

resource	yara_rule
sample	family_soulsearcher

Soulsearcher family
soulsearcher

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cb4887bec169c75f58bc4ed1c6fd3703cc46512596e62186cf8329448dbb47b

Files

3cb4887bec169c75f58bc4ed1c6fd3703cc46512596e62186cf8329448dbb47b
.dll windows:5 windows x86 arch:x86

ee2e1f2037bb3d28b11896ae417a930d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
DeleteCriticalSection
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
LeaveCriticalSection
GetProcAddress
LoadLibraryA
VirtualProtect
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
lstrcpyW
GetCommandLineW
Sleep
GetModuleFileNameW
WriteConsoleW
SetStdHandle
VirtualAlloc
VirtualFree
CloseHandle
GetLastError
CreateFileW
WriteFile
SetFilePointer
SetLastError
FlushFileBuffers
GetCurrentThreadId
HeapReAlloc
EncodePointer
DecodePointer
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
RtlUnwind
GetConsoleCP
GetConsoleMode

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA

Exports

Exports

ServiceMain

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee2e1f2037bb3d28b11896ae417a930d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB