boiler[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

boiler.exe
Size

1.3MB
MD5

e0355e58f7da3f2fde1121499a5e94ba
SHA1

e890feaf7c6ede45096fe11e4b642c7ff7f70719
SHA256

9eb2896b47beea1f3a903cc8db11ceadc5e21ef9e20469bf37ef2936f2df104f
SHA512

11eae14e05562603092e55d652080921b7a0983721d4e64847d649f92bd6d295e3c707fe8a2df1f6af1eb2c63d6c27bac80078dc9493cef362bca6b677c940ba
SSDEEP

12288:TOuKa4aCRk3XsrD8JLJEyc48f6S5UNvaglfgSfwy6FIuzF/rLbG:TO+4a3maJEycr57qfg/y6SuzF/y

Score

1^/10

Malware Config

Signatures

Files

boiler.exe
.exe windows:6 windows x86 arch:x86

c2f3577f84cfda693cbe00a04c0649de

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:19:65:52:78:c4:b4:ba:77:a7:6f:16:bf:32:f5:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-07-2025 23:59

Subject

SERIALNUMBER=64147894,CN=Ferox Games B.V.,O=Ferox Games B.V.,L=Naarden,ST=Noord-Holland,C=NL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e4c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:5e:05:a1:96:3f:be:3b:1b:3b:b0:01:d3:44:4a:1c:9e:46:b0:d7:d8:62:d0:00:1b:07:fd:79:29:f3:83:e8
Signer

Actual PE Digest

2e:5e:05:a1:96:3f:be:3b:1b:3b:b0:01:d3:44:4a:1c:9e:46:b0:d7:d8:62:d0:00:1b:07:fd:79:29:f3:83:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

steam_api

SteamAPI_GetHSteamUser
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamInternal_CreateInterface
SteamAPI_GetHSteamPipe
SteamInternal_SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamAPI_Shutdown
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit
SteamAPI_RunCallbacks

kernel32

GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
UnhandledExceptionFilter

msvcp140

??1_Lockit@std@@QAE@XZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Thrd_join
_Thrd_sleep
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??0_Lockit@std@@QAE@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_timedwait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_purecall
__std_terminate
__RTDynamicCast
memchr
strchr
__current_exception
__current_exception_context
_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

terminate
_initialize_onexit_table
_register_onexit_function
_errno
_crt_atexit
_controlfp_s
_beginthreadex
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_cexit
_c_exit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__p__commode
__stdio_common_vfprintf
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
_set_fmode
_get_stream_buffer_pointers
fgetpos
fgetc
fflush
fclose

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtoull
strtol
atoi
strtoul
_strtoi64
_strtoui64
strtod

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2f3577f84cfda693cbe00a04c0649de

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:19:65:52:78:c4:b4:ba:77:a7:6f:16:bf:32:f5:b8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2e:5e:05:a1:96:3f:be:3b:1b:3b:b0:01:d3:44:4a:1c:9e:46:b0:d7:d8:62:d0:00:1b:07:fd:79:29:f3:83:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

steam_api

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 19KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 60KB - Virtual size: 60KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:19:65:52:78:c4:b4:ba:77:a7:6f:16:bf:32:f5:b8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2e:5e:05:a1:96:3f:be:3b:1b:3b:b0:01:d3:44:4a:1c:9e:46:b0:d7:d8:62:d0:00:1b:07:fd:79:29:f3:83:e8
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 19KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 60KB - Virtual size: 60KB