darkcomet | f73956b24825e1932ee9bfb396039ef42a621f9430af0f0c7f9093fa60818bdb

Sharing

Copy URL

Twitter E-mail

General

Target

f73956b24825e1932ee9bfb396039ef42a621f9430af0f0c7f9093fa60818bdb
Size

309KB
MD5

c524b0610b77a3a62667234beffe2a51
SHA1

7a0e465bfcf5aef15de8a7ce3103f163d9477960
SHA256

f73956b24825e1932ee9bfb396039ef42a621f9430af0f0c7f9093fa60818bdb
SHA512

824cb8d252cfb299727309795dc0e6dbd11c8b5f5497df02434dae74ceecee5782217ec3b60d1c3d337a8cbd344fa96bb59694dc1200cc4f1652d1ef744fd1cf
SSDEEP

6144:gTXDLhnWNZ80bXiOawCbWzdwQpxjW+9V0qw2l9RV6Z3mSb:izJWVDaZbMjlYFk6BJb

Score

10^/10

upx darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/859a7015fa498f652268f0727ca29fe7ee7281a5f7591f00ebaa4c74f0644c7b.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/859a7015fa498f652268f0727ca29fe7ee7281a5f7591f00ebaa4c74f0644c7b.exe

Files

f73956b24825e1932ee9bfb396039ef42a621f9430af0f0c7f9093fa60818bdb
.zip

Password: infected
859a7015fa498f652268f0727ca29fe7ee7281a5f7591f00ebaa4c74f0644c7b.exe
.exe windows:4 windows x86 arch:x86

327b02177598022b32d5e551f40d638a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

AnimateWindow

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

lstrlen
lstrcpy
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerLanguageNameA
UnmapViewOfFile
TerminateProcess
SizeofResource
SetThreadLocale
SetThreadContext
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadProcessMemory
ReadFile
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetThreadContext
GetTempPathA
GetSystemDirectoryA
GetStdHandle
GetProcessHeap
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumResourceNamesA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Beep
Sleep
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
LookupAccountSidA
LookupAccountNameA
IsValidSid
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AdjustTokenPrivileges
LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
ConvertSidToStringSidA
CredEnumerateA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LsaClose

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
shutdown
sendto
send
recv
htons
ioctlsocket
inet_ntoa
inet_addr
htons
connect

shell32

ShellExecuteEx
ShellExecuteA
SHGetFileInfo
SHFileOperation
DragQueryFile
SHGetSpecialFolderLocation
SHGetPathFromIDList
SHGetSpecialFolderPathA
SHGetSpecialFolderPathA
SHEmptyRecycleBinA
ShellExecuteA

oleaut32

GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
VariantCopy

combase

CoTaskMemFree
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoTaskMemFree
StringFromCLSID

ole32

CoInitialize
IsEqualGUID
IsEqualGUID

urlmon

URLDownloadToFileA
URLDownloadToFileA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ImageList_Add

wininet

InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
FtpPutFileA
FtpPutFileA

winmm

waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInClose
waveInAddBuffer
PlaySoundA
mciSendStringA
waveInOpen

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA
RasEnumEntriesA

netapi32

Netbios
NetApiBufferFree
NetShareGetInfo
NetShareEnum
Netbios

ntdll

NtUnmapViewOfSection
NtQuerySystemInformation
NtUnmapViewOfSection
NtQuerySystemInformation

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipFree

avicap32

capGetDriverDescriptionA
capGetDriverDescriptionA
capGetDriverDescriptionA

shfolder

SHGetFolderPathA
SHGetFolderPathA

ws2_32

WSAIoctl
WSAIoctl
send

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
acmStreamSize

pstorec

PStoreCreateInstance
PStoreCreateInstance

url

InetIsOffline
InetIsOffline

gdi32

SaveDC

Sections

UPX0
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

327b02177598022b32d5e551f40d638a

Headers

File Characteristics

Imports

user32

version

kernel32

advapi32

wsock32

shell32

oleaut32

combase

ole32

urlmon

comctl32

wininet

winmm

rasapi32

netapi32

ntdll

gdiplus

avicap32

shfolder

ws2_32

msacm32

pstorec

url

gdi32

Sections

UPX0 Size: 484KB - Virtual size: 484KB

UPX1 Size: 232KB - Virtual size: 232KB

.rsrc Size: 15KB - Virtual size: 15KB

UPX0
Size: 484KB - Virtual size: 484KB

UPX1
Size: 232KB - Virtual size: 232KB

.rsrc
Size: 15KB - Virtual size: 15KB