revival[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

revival.exe
Size

2.4MB
MD5

db9b276c083972817526e6eaa1f57f41
SHA1

b5da0e9c8608b3ae78976590af0490589e3bfb6f
SHA256

952cb38f5a3ef306e081be97b35e287a45acd3f399b195d3447b2a0b1cc7f7aa
SHA512

9f46d19be0ad712cd742d5a61484f55ff44633362166c6c96af7621780891e266f8e2eaab856a9c96f6f0ccaf483d625bc9081776c2f2e0292da0cbc5768b5b8
SSDEEP

49152:SODDR6ZitqtBUwr9sP6Mhu+0soxx0PnTrSUm6nTr:SOpwww5s00Dnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
revival.exe

Files

revival.exe
.exe windows:6 windows x64 arch:x64

298cee05200726ed1dd55112a9d75d4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\micro\Downloads\Revival skibidi source code so kawaii gangster sigma\output\build\v2.pdb

Imports

kernel32

PeekNamedPipe
WaitForMultipleObjects
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
VirtualProtect
CreateThread
DeleteCriticalSection
InitializeCriticalSectionEx
GetStdHandle
HeapSize
HeapDestroy
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
ReadFile
GetFullPathNameW
SetFileInformationByHandle
GetEnvironmentVariableA
GetTempPathW
AreFileApisANSI
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
GetSystemTimeAsFileTime
SetLastError
GetCurrentProcessId
FormatMessageA
GetLastError
GetModuleFileNameA
Sleep
SetConsoleTitleA
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
QueryPerformanceFrequency
LoadLibraryA
InitializeSListHead
OutputDebugStringW
GetLocaleInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GetFileType
QueryFullProcessImageNameW
GetModuleHandleW
CreateFileMappingW
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetProcAddress
CloseHandle
Process32Next
CreateFileA
CreateToolhelp32Snapshot
GetModuleHandleA
CreateFileW
LoadLibraryExA
VirtualAlloc
DeviceIoControl
GetCurrentProcess
VirtualFree
Process32First
GetFileSizeEx

user32

SetCursorPos
ReleaseCapture
IsWindowUnicode
SetProcessDPIAware
GetClientRect
SetCursor
SetCapture
GetKeyboardLayout
TrackMouseEvent
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
ClientToScreen
GetCapture
MonitorFromWindow
SetClipboardData
LoadCursorA
GetMessageExtraInfo
RegisterClassExA
PostQuitMessage
UnregisterClassA
MessageBoxA
ScreenToClient
PeekMessageA
LoadIconA
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
MoveWindow
GetMonitorInfoA
SetWindowDisplayAffinity
SetWindowLongA
ShowWindow
GetSystemMetrics
DestroyWindow
GetWindowRect
UpdateWindow
DispatchMessageA
GetAsyncKeyState
FindWindowA
GetForegroundWindow
GetCursorPos
SendInput
GetKeyState

gdi32

CreateSolidBrush

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
OpenProcessToken
RegSetValueExA
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyA

shell32

ShellExecuteA
SHGetFolderPathW

msvcp140

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xbad_function_call@std@@YAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_id
_Thrd_join
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?good@ios_base@std@@QEBA_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_detach
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A

d3d11

D3D11CreateDeviceAndSwapChain

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlAnsiStringToUnicodeString
NtQuerySystemInformation
RtlInitAnsiString
RtlCaptureContext

dbghelp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

normaliz

IdnToAscii

wldap32

ord60
ord45
ord50
ord217
ord22
ord211
ord46
ord27
ord32
ord33
ord41
ord35
ord79
ord30
ord200
ord301
ord143
ord26

crypt32

CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext

ws2_32

closesocket
recv
send
WSAGetLastError
bind
connect
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
getpeername
htons
getsockopt
getsockname
ntohs

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strchr
_purecall
longjmp
strrchr
memcpy
memset
memcmp
__intrinsic_setjmp
__current_exception_context
__current_exception
_CxxThrowException
memmove
memchr

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
malloc
_callnewh
realloc

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_register_onexit_function
_configure_narrow_argv
_crt_atexit
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
_register_thread_local_exe_atexit_callback
system
perror
_c_exit
_cexit
_getpid
_seh_filter_exe
exit
_invalid_parameter_noinfo_noreturn
terminate
_set_app_type
abort
_get_initial_narrow_environment
__p___argv
_beginthreadex
strerror
_initterm
_initterm_e
_exit
_errno
__p___argc
_initialize_onexit_table

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fopen
getc
feof
fgets
clearerr
_pclose
tmpfile
_popen
fputc
__acrt_iob_func
_ftelli64
ferror
_lseeki64
fclose
fputs
__p__commode
__stdio_common_vsscanf
tmpnam
__stdio_common_vsprintf
_wfopen
fgetc
__stdio_common_vfprintf
fseek
ftell
fflush
_read
_get_stream_buffer_pointers
_open
_fseeki64
fread
fsetpos
ungetc
_close
setvbuf
fgetpos
freopen
fwrite
_write

api-ms-win-crt-filesystem-l1-1-0

remove
_unlink
_fstat64
_stat64
_unlock_file
_lock_file
_access
rename

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtoull
strtoll
atoi
atof
strtod

api-ms-win-crt-string-l1-1-0

isupper
strncpy
strncmp
toupper
isalnum
isblank
isspace
tolower
isgraph
isalpha
strspn
isxdigit
strcspn
iscntrl
ispunct
islower
strcoll
strcmp
isdigit
_strdup
strpbrk
_stricmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

acos
floor
frexp
fmodf
log
log10
roundf
acosf
exp
asin
_dsign
__setusermatherr
pow
powf
sin
tan
atan2
llround
ldexp
fmod
sinf
ceil
ceilf
sqrt
cos
cosf
sqrtf

api-ms-win-crt-time-l1-1-0

_time64
_difftime64
clock
_mktime64
_localtime64
strftime
_gmtime64

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

298cee05200726ed1dd55112a9d75d4e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

d3d11

ntdll

dbghelp

imm32

d3dcompiler_47

dwmapi

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 404KB - Virtual size: 403KB

.data Size: 315KB - Virtual size: 326KB

.pdata Size: 74KB - Virtual size: 74KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 404KB - Virtual size: 403KB

.data
Size: 315KB - Virtual size: 326KB

.pdata
Size: 74KB - Virtual size: 74KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 7KB - Virtual size: 7KB