bof_server.pdb
Static task
static1
Behavioral task
behavioral1
Sample
MoneyGrabber.exe
Resource
win10-20240404-en
General
Target: MoneyGrabber.exe
Size: 369KB
MD5: 782522ffec6918e07c3e153a604476de
SHA1: f49b43cebd12559c6dcac7fbcb739413ccf10b5d
SHA256: deeeb30e5f0be778456f342e00fdeeeff8fb01fba7ebfff09c2154b961dc36d1
SHA512: 55a17f1df0666f0ff5d7ea560f553e87908fb292b319368254487a17a007aa8191d1908bf2bc94c7b239711e3dc411d57bc27cfd32ee7af26caec426b105e7bc
SSDEEP: 6144:y1q1eajrFwRhKQECsXxGKu6ohB9IprsZWrjOcZmboj:JhjrFwJshvu6ygS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource MoneyGrabber.exe
Files
MoneyGrabber.exe.exe windows:6 windows x64 arch:x64
e66278f854c104d7b78ef218d184f1c6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
WSACleanup
WSAGetLastError
WSASocketW
WSAStartup
accept
bind
closesocket
freeaddrinfo
getaddrinfo
listen
recv
send
shutdown
socket
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
free
malloc
api-ms-win-crt-private-l1-1-0
__C_specific_handler
api-ms-win-crt-runtime-l1-1-0
__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite
api-ms-win-crt-string-l1-1-0
strlen
strncmp
strncpy
kernel32
AcquireSRWLockExclusive
CloseHandle
CreatePipe
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentThreadId
GetExitCodeProcess
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
ReadFile
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile
ole32
CoInitializeEx
CoUninitialize
ntdll
NtAssignProcessToJobObject
NtClose
NtCreateJobObject
NtResumeThread
NtSetInformationJobObject
NtTerminateProcess
RtlCloneUserProcess
RtlWaitOnAddress
RtlWakeAddressAll
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-environment-l1-1-0
__p__environ
__p__wenviron
api-ms-win-crt-time-l1-1-0
__daylight
__timezone
__tzname
_tzset
Sections
.text Size: 282KB - Virtual size: 282KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.buildid Size: 512B - Virtual size: 67B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ