Greenbug[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

Greenbug.bin
Size

936KB
MD5

39ae8ced52d5b7b93e79c8727b5dd51c
SHA1

7f5c706ba044a4af483ddbdb7bbe2231cb29e45e
SHA256

ab4ce25341baa2cc478faf507ff28a8c93b1320f243ced073c10ad2b6c6e1476
SHA512

ebe3e99e6d9ecf8859a3afc5ba3c8932a240b7a66947d42a292e628cff575f05251f5588738bdbc16a5b9c648d00d7ac8432f424edc6458d87cafca5dd7ddcb8
SSDEEP

12288:zBJmM8sxaM2add/OP94zHA4ahi4Vr5P4XwJ8+q+qk+wFc65sYo/PkM+5rQRCLjj5:zBJmM8X8iqwD5kmrwCXMw3TgdS9E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Greenbug.bin

Files

Greenbug.bin
.exe windows:5 windows x64 arch:x64

4595293a8ae1f65a64130a9605dc76c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DecodePointer
CreateThread
SetEvent
WaitForSingleObject
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
CreateTimerQueue
CreateEventW
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueue
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
SetConsoleCtrlHandler
SetErrorMode
SetUnhandledExceptionFilter
CreateFileA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
SetFileTime
CloseHandle
FindFirstFileW
GetModuleFileNameW
CreateProcessW
GetConsoleWindow
FindNextFileW
FindClose
OpenProcess
TerminateProcess
GetFileAttributesA
GetWindowsDirectoryW
GetCurrentProcess
GetSystemInfo
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
UnmapViewOfFile
GetLocalTime
GetTickCount
SetEndOfFile
LoadLibraryW
ReadConsoleW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DeleteFileW
WideCharToMultiByte
InitializeSListHead
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
FlushFileBuffers
SetFilePointerEx
GetFileType
MoveFileExW
LoadLibraryExW
FreeLibrary
GetStdHandle
GetCurrentThread
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
SetEnvironmentVariableA
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
SetLastError
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetCurrentThreadId
GetStringTypeW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
GetCPInfo
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask

user32

TranslateMessage
GetSystemMetrics
GetDC
LoadAcceleratorsW
TranslateAcceleratorW
wsprintfW
ReleaseDC
DispatchMessageW
GetDesktopWindow
GetMessageW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
StringFromGUID2

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
GdipAlloc
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipFree

ws2_32

recv
inet_addr
htons
socket
WSAStartup
WSACleanup
closesocket
select
sendto

psapi

GetProcessMemoryInfo
QueryWorkingSet

Sections

.text
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4595293a8ae1f65a64130a9605dc76c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

gdiplus

ws2_32

psapi

Sections

.text Size: 644KB - Virtual size: 644KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 32KB - Virtual size: 32KB

.pdata Size: 32KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 644KB - Virtual size: 644KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 32KB - Virtual size: 32KB

.pdata
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB