feef583f9b7a471c7355f222775505c82561332451d4ab5435730bbd7d20f8bb

Sharing

Copy URL Twitter E-mail

General

Target

feef583f9b7a471c7355f222775505c82561332451d4ab5435730bbd7d20f8bb
Size

605KB
MD5

fe5499b8ea9901b272bcdcb62ee60898
SHA1

64dc96c901ad8ed94c38713ff5bad9a9997e30c0
SHA256

feef583f9b7a471c7355f222775505c82561332451d4ab5435730bbd7d20f8bb
SHA512

db2bf67f22c06cd2187ab537e0210c3fdf5fad4d0a3fe13e437df0baa216f75866ea37df35c593a168ab1cb77fca8bcbcb124e23c5426fdf3173dfea81371acd
SSDEEP

6144:qgOlIpYzSpUVOTjrZ89WqE1KJS6fFMQEcAOr6AHJcmMHWPpcWkYmTbVYG4ku36hX:gaU4gNmTb9u3+tnH

Score

10^/10

Malware Config

Signatures

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
feef583f9b7a471c7355f222775505c82561332451d4ab5435730bbd7d20f8bb

Files

feef583f9b7a471c7355f222775505c82561332451d4ab5435730bbd7d20f8bb
.dll windows:6 windows x64 arch:x64

165d1f4de05178bcba92f077ec490e15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\gopop\Desktop\jar2dll\x64\Release\RE146_1165.pdb

Imports

kernel32

ExitThread
GetModuleHandleA
GetLastError
CreateThread
GetProcAddress
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext

user32

MessageBoxA

vcruntime140

__std_exception_destroy
__std_type_info_destroy_list
__C_specific_handler
memset
__std_exception_copy
memcpy
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initialize_narrow_environment
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 590KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

165d1f4de05178bcba92f077ec490e15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 590KB - Virtual size: 591KB

.pdata Size: 1024B - Virtual size: 660B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 80B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 590KB - Virtual size: 591KB

.pdata
Size: 1024B - Virtual size: 660B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 80B