af416b2ed73655fb1d694852345279f992f34b33e8811bdbd0c984af3f9e40c2

Sharing

Copy URL

Twitter E-mail

General

Target

af416b2ed73655fb1d694852345279f992f34b33e8811bdbd0c984af3f9e40c2
Size

4.0MB
MD5

848f55a7e7ef71e339384599f2185de8
SHA1

75e8128dec4083ac57b44004ebbad5eec0e35482
SHA256

af416b2ed73655fb1d694852345279f992f34b33e8811bdbd0c984af3f9e40c2
SHA512

215713a6a2b8052faae65f75afaece0044a810a7af196d3664e87dfa0f3a220c52edff1a2ebee0e2e28a0edc9f2177a108e758230e81cda595be4765501b267f
SSDEEP

49152:SSbZs5N7bidoGoE7yoKljvBrH9pncY8aVm/:ZVoPjvBz9pp92

Score

10^/10

Malware Config

Signatures

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af416b2ed73655fb1d694852345279f992f34b33e8811bdbd0c984af3f9e40c2

Files

af416b2ed73655fb1d694852345279f992f34b33e8811bdbd0c984af3f9e40c2
.exe windows:6 windows x64 arch:x64

c38bd71ebab29b092028ef36bbbf6bb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\Debug\injector\target\release\deps\injector.pdb

Imports

ws2_32

WSAGetLastError
bind
closesocket
WSASocketW
getsockopt
ioctlsocket
recv
WSAStartup
freeaddrinfo
getpeername
WSACleanup
getaddrinfo
WSAGetOverlappedResult
WSARecv
WSASend
WSAIoctl
setsockopt

kernel32

GetProcAddress
SleepConditionVariableSRW
SetFileCompletionNotificationModes
CancelIoEx
WriteFile
ReadFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetHandleInformation
GetSystemInfo
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
QueryPerformanceFrequency
InitializeCriticalSection
LeaveCriticalSection
FindClose
GetLastError
SwitchToThread
SetLastError
GetCurrentDirectoryW
CloseHandle
GetEnvironmentVariableW
EnterCriticalSection
GetStdHandle
WaitForSingleObject
GetCurrentProcessId
WakeConditionVariable
TryEnterCriticalSection
TlsGetValue
TlsSetValue
TlsAlloc
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AddVectoredExceptionHandler
SetThreadStackGuarantee
FindNextFileW
CreateFileW
GetFileInformationByHandle
DeviceIoControl
CreateDirectoryW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
CopyFileExW
IsProcessorFeaturePresent
GetModuleHandleW
FormatMessageW
CreateThread
GetConsoleMode
WriteConsoleW
Sleep
QueryPerformanceCounter
FileTimeToSystemTime
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleA
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter

advapi32

SystemFunction036

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain
CertCloseStore
CertDuplicateStore
CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertOpenStore
CertDuplicateCertificateContext

secur32

InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
FreeCredentialsHandle
EncryptMessage

vcruntime140

memcpy
memcmp
memmove
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
memset

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
exit
__p___argc
_set_app_type
_seh_filter_exe
_initterm_e
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c38bd71ebab29b092028ef36bbbf6bb2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

advapi32

crypt32

secur32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 133KB - Virtual size: 133KB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 133KB - Virtual size: 133KB

.reloc
Size: 38KB - Virtual size: 38KB