soulsearcher | fdf0db7f6b60d7563268c15c634adb47e8eec34adfcbf9b10e973916c7517157

Sharing

Copy URL Twitter E-mail

General

Target

fdf0db7f6b60d7563268c15c634adb47e8eec34adfcbf9b10e973916c7517157
Size

190KB
MD5

be3a13aac70d2ba32d87d8fe0a422e54
SHA1

dda8d5ffd9a56e352f34fdb90714f7caf8dd1bd5
SHA256

fdf0db7f6b60d7563268c15c634adb47e8eec34adfcbf9b10e973916c7517157
SHA512

d3361d7309f62b4bb24010d98fc0dde78353c85db2ef3029290513c10e0111d55109f77f39fbc6c7e9a272f5d5b1f6b677ab13585c33d12038ef4382fdafe0d9
SSDEEP

3072:I02sCG+VSoRgEcSxgehTVo3TKwdWWXxoI8jutQatMBBoyzqQ0M8pp:4VGiSoRdGehT4TKbWXxopatQrB1qFf

Score

10^/10

soulsearcher

Malware Config

Signatures

Detect SoulSearcher backdoor 1 IoCs

resource	yara_rule
sample	family_soulsearcher

Soulsearcher family
soulsearcher

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdf0db7f6b60d7563268c15c634adb47e8eec34adfcbf9b10e973916c7517157

Files

fdf0db7f6b60d7563268c15c634adb47e8eec34adfcbf9b10e973916c7517157
.dll windows:5 windows x64 arch:x64

9314b81023865717d2af98282cde0a88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetLastError
CloseHandle
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetNativeSystemInfo
FreeLibrary
HeapAlloc
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
LoadLibraryA
VirtualProtect
GetTickCount
Sleep
GetModuleFileNameW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
WriteConsoleW
FlushFileBuffers
SetStdHandle
WriteFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
FlsSetValue
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
FlsGetValue
FlsFree
FlsAlloc
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
LCMapStringW
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
GetConsoleCP
GetConsoleMode

advapi32

CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptHashData

Exports

Exports

ServiceMain

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9314b81023865717d2af98282cde0a88

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 27KB - Virtual size: 37KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 27KB - Virtual size: 37KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB