2edd928dd04202b29b104e861df3dcda41ec16b98a6322b6d2c72bd0e2b0e770

Sharing

Copy URL Twitter E-mail

General

Target

2edd928dd04202b29b104e861df3dcda41ec16b98a6322b6d2c72bd0e2b0e770
Size

821KB
MD5

547c000aba8cf5873858938eea9f7e5b
SHA1

8784dd37a1d7344a888611f3740244567c0011ea
SHA256

2edd928dd04202b29b104e861df3dcda41ec16b98a6322b6d2c72bd0e2b0e770
SHA512

1f5cd9be704e1f0e617a9afc567f6900cde6a121830aba8df2988eb97eccbba3b8dc83f573fa3b51720fa31e86251a2dbec5442e3aef85cc41cc16ea0989088f
SSDEEP

24576:ABqhU1PKUx5zLye5IIZ5hPPeAip1CoW3kGzKSsCwyExWt:ABqhU1PKU3PJop0oWzK5Cwy

Score

10^/10

Malware Config

Signatures

Detects Reflective DLL injection artifacts 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_ReflectiveLoader

Detects executables referencing combination of virtualization drivers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_VM_Evasion_VirtDrvComb

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2edd928dd04202b29b104e861df3dcda41ec16b98a6322b6d2c72bd0e2b0e770

Files

2edd928dd04202b29b104e861df3dcda41ec16b98a6322b6d2c72bd0e2b0e770
.dll windows:6 windows x64 arch:x64

46eda7f8cad75ebc780411de8163f7f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
Process32NextW
OutputDebugStringW
CreateFileA
Process32FirstW
GetSystemInfo
GetLogicalDriveStringsA
GetProcAddress
LocalFree
GlobalMemoryStatusEx
CreateProcessA
GetDiskFreeSpaceExA
lstrcmpiW
GetTickCount
IsDebuggerPresent
CreateThread
ExitProcess
GetComputerNameExA
ReadFile
WriteProcessMemory
CreateMutexA
WaitForSingleObject
GetComputerNameExW
OpenMutexA
LoadLibraryA
VirtualAllocEx
GetFileSize
GetCurrentProcessId
CreateSemaphoreW
GetComputerNameA
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
CreateMutexW
ReleaseMutex
GetLastError
GetSystemTime
lstrlenW
FindFirstFileW
Sleep
CreateToolhelp32Snapshot
GetModuleHandleA
LocalAlloc
GetDriveTypeA
DeviceIoControl
GetStdHandle
GetCurrentProcess
SetLastError
GetModuleFileNameA
MapViewOfFile
CreateFileMappingA
CloseHandle
OpenProcess
WriteConsoleW
HeapSize
GetTimeZoneInformation
GetStringTypeW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
FlushFileBuffers
GetFileSizeEx
LCMapStringW
CompareStringW
GetConsoleCP
ReleaseSemaphore
TerminateProcess
IsWow64Process
MultiByteToWideChar
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
ResumeThread
ExitThread
QueueUserAPC
VirtualProtectEx
GetThreadContext
CreateRemoteThread
SetThreadContext
OpenMutexW
OpenFileMappingA
QueryPerformanceCounter
FreeLibrary
SleepEx
WideCharToMultiByte
GetSystemDirectoryW
LoadLibraryW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
FormatMessageA
ExpandEnvironmentStringsA
GetCurrentThreadId
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetModuleHandleExW
SetFilePointerEx
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetConsoleMode
ReadConsoleW
WriteFile
RtlUnwind

user32

FindWindowA
GetCursorPos

advapi32

CryptDestroyHash
GetTokenInformation
OpenProcessToken
LookupAccountSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
CryptHashData
RegGetValueA
RegCloseKey
RegQueryValueExA
GetUserNameA
RegOpenKeyExA

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
SysAllocStringLen

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl

wininet

InternetQueryOptionW

ws2_32

htons
setsockopt
WSAGetLastError
WSAStartup
recv
connect
socket
inet_addr
closesocket
bind
ioctlsocket
sendto
listen
select
accept
getaddrinfo
freeaddrinfo
WSASetLastError
WSAIoctl
__WSAFDIsSet
htonl
send
WSACleanup
getsockopt
ntohs
getsockname
getpeername

iphlpapi

GetTcpTable

psapi

GetModuleFileNameExA
GetProcessMemoryInfo
GetModuleBaseNameA
EnumProcesses
EnumProcessModulesEx

Exports

Exports

ReflectiveLoader
boat
launch
prepare

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46eda7f8cad75ebc780411de8163f7f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

winhttp

wininet

ws2_32

iphlpapi

psapi

Exports

Exports

Sections

.text Size: 656KB - Virtual size: 656KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 29KB - Virtual size: 56KB

.pdata Size: 24KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 656KB - Virtual size: 656KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 29KB - Virtual size: 56KB

.pdata
Size: 24KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB