C:\Users\notsu\Coding\rxploit\target\release\deps\rxploit.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: dorkshit.exe, Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: dorkshit.exe, Resource: win10v2004-20240704-en)
General
Target: dorkshit.exe
Size: 5.4MB
MD5: ae23854ed1b0a6dbc0b77c673c455e4e
SHA1: 59b718285636909f74451f1fea451b30c9ccda30
SHA256: 101c6868fc7b9c88eb5c412b05764296214d9059dd522d6dbfb0441734a0ca2e
SHA512: fee24f3ccbd5b3295751f9d2eae64a5f28380b4b1ba4bb3bcd9d8b9b0bee8a31d56fc176ed2d833d69a9b7eb3dcdf2ec1caa2373fcecde62e7b7e7e81067169b
SSDEEP: 49152:QZdxoCxI3YV1rfYTSjCZInrE43QpNXbe06kLhQHbZoITQbyb+KL3W79TOdZXt0MX:JA1uSLeLhQ8tKL31dZxmYU8w9rgqt
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: dorkshit.exe
Files
dorkshit.exe.exe windows:6 windows x64 arch:x64
667bd79c56868c29d4ed3c35fca57292
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
FormatMessageW
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
HeapAlloc
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
GetProcessHeap
GetCurrentThreadId
InitializeSListHead
SetConsoleTitleA
WriteConsoleW
SetConsoleTextAttribute
SetHandleInformation
GetCurrentProcessId
GetConsoleMode
SetConsoleMode
CreateFileW
GetStdHandle
GetConsoleScreenBufferInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
DuplicateHandle
GetSystemInfo
IsProcessorFeaturePresent
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
CreateIoCompletionPort
SystemTimeToFileTime
GetQueuedCompletionStatusEx
TzSpecificLocalTimeToSystemTime
PostQueuedCompletionStatus
ReleaseSRWLockShared
ReadFile
GetOverlappedResult
AcquireSRWLockExclusive
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
CreateMutexA
WaitForSingleObjectEx
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
TryAcquireSRWLockExclusive
SetFilePointerEx
GetSystemTimeAsFileTime
WriteFileEx
SleepEx
GetExitCodeProcess
QueryPerformanceFrequency
GetCurrentThread
HeapReAlloc
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
CancelIo
CreateThread
ReadConsoleW
WideCharToMultiByte
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
ReleaseSRWLockExclusive
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CloseHandle
MultiByteToWideChar
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
shell32
SHCreateItemFromParsingName
oleaut32
SysFreeString
SysStringLen
GetErrorInfo
shlwapi
AssocQueryStringW
secur32
DecryptMessage
AcceptSecurityContext
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
InitializeSecurityContextW
FreeCredentialsHandle
FreeContextBuffer
ApplyControlToken
EncryptMessage
ws2_32
bind
WSASocketW
getsockname
getpeername
getsockopt
shutdown
recv
ioctlsocket
WSASend
closesocket
setsockopt
WSAIoctl
WSAGetLastError
connect
send
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
advapi32
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
crypt32
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
ntdll
NtCreateFile
RtlNtStatusToDosError
NtReadFile
NtWriteFile
NtCancelIoFileEx
NtDeviceIoControlFile
bcrypt
BCryptGenRandom
vcruntime140
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
__CxxFrameHandler3
memcmp
memcpy
memmove
memset
api-ms-win-crt-math-l1-1-0
pow
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_set_app_type
__p___argc
_initterm_e
_register_onexit_function
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_crt_atexit
_seh_filter_exe
_exit
__p___argv
terminate
exit
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ