matanbuchus | 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2

Sharing

Copy URL

Twitter E-mail

General

Target

4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2
Size

990KB
MD5

e0ecf5e7d2a4656457fabeee2918ef38
SHA1

ca05587d9bd333a62735705ba6b3f919ea7d6d17
SHA256

4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2
SHA512

f2dc88e57feab0dcc8ad36dd313413d4735350343573f6c8721b5cae48a8ceff393dfd9bcf327d9eb4114347ad704de6dbcfffc42aa53876ba0b017011ac9ddc
SSDEEP

12288:gIgN+FmwpyU8PWyHc80gNO9kA5kA5kA5kAxMaskAZpq:gIgyp+WZ8zOtMHA

Score

10^/10

matanbuchus

Malware Config

Signatures

Matanbuchus family
matanbuchus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2

Files

4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2
.dll regsvr32 windows:6 windows x86 arch:x86

f5873173aed94fc96f286ce8b792b943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
GetPriorityClass
DisableThreadLibraryCalls
GlobalFree
LocalAlloc
LocalReAlloc
InitOnceExecuteOnce
GetConsoleCP
CreateFileW
CloseHandle
GetStringTypeW
SetFilePointerEx
SetStdHandle
DeleteCriticalSection
GetProcessHeap
InitializeCriticalSectionEx
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
UnhandledExceptionFilter
RaiseException
LocalFree
DecodePointer
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
LCMapStringW
WriteConsoleW
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW

user32

LoadStringW
GetMessageTime
DestroyWindow
ShowWindow
DefWindowProcW

gdi32

CreateFontIndirectW
GetStockObject

advapi32

LookupAccountNameW
CveEventWrite
RevertToSelf
IsValidSid
IsValidAcl
IsTokenRestricted
InitializeAcl
ImpersonateLoggedOnUser
AllocateAndInitializeSid

shell32

SHFileOperationW
ExtractIconExW
SHSetLocalizedName

ole32

CoTaskMemAlloc
CoCancelCall

shlwapi

SHStrDupA
SHStrDupW
SHGetValueW
SHGetThreadRef
SHSetValueW

rpcrt4

RpcExceptionFilter
UuidCreate

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupOpenAppendInfFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

CPlApplet
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 872KB - Virtual size: 871KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5873173aed94fc96f286ce8b792b943

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

setupapi

version

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 6KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 872KB - Virtual size: 871KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 872KB - Virtual size: 871KB