soulsearcher | a6f75af45c331a3fac8d2ce010969f4954e8480cbe9f9ea19ce3c51c44d17e98

Sharing

Copy URL Twitter E-mail

General

Target

a6f75af45c331a3fac8d2ce010969f4954e8480cbe9f9ea19ce3c51c44d17e98
Size

199KB
MD5

696879e529ac15886dc898a0cd471e9e
SHA1

7e2665aaae2eaeb38bb345aa0f8657672441e885
SHA256

a6f75af45c331a3fac8d2ce010969f4954e8480cbe9f9ea19ce3c51c44d17e98
SHA512

70f3dab208cf714f0d4fca9b5b6b5f12c5d42e39d61df473f3b6c30f1e8bfa255cfc3131a2eb87fd9b83856ebbcc10050556b5987a0e3803daaec5f0df26200d
SSDEEP

6144:rVvkRfk/nqnEOGlTPYrmhls2mRSe5V/s/:rFqHnEdOLS0A

Score

10^/10

soulsearcher

Malware Config

Signatures

Detect SoulSearcher backdoor 1 IoCs

resource	yara_rule
sample	family_soulsearcher

Soulsearcher family
soulsearcher

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6f75af45c331a3fac8d2ce010969f4954e8480cbe9f9ea19ce3c51c44d17e98

Files

a6f75af45c331a3fac8d2ce010969f4954e8480cbe9f9ea19ce3c51c44d17e98
.dll windows:5 windows x64 arch:x64

6f49d3c0c4840e48dc856e80d4d6720b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
SetFilePointer
WriteFile
CreateFileW
GetLastError
CloseHandle
DeleteFileW
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
LoadLibraryA
VirtualProtect
GetCurrentThreadId
GlobalLock
GlobalAlloc
LoadLibraryW
Sleep
GlobalUnlock
GlobalFree
WriteConsoleW
SetStdHandle
HeapReAlloc
EncodePointer
DecodePointer
FlsSetValue
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FlsGetValue
FlsFree
FlsAlloc
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers

ole32

CreateStreamOnHGlobal

shlwapi

PathFileExistsW

xmllite

CreateXmlReader

Exports

Exports

WlbsConnectionUp

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f49d3c0c4840e48dc856e80d4d6720b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

shlwapi

xmllite

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 26KB - Virtual size: 39KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 26KB - Virtual size: 39KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 2KB - Virtual size: 1KB