2024-07-08_d2eb665f9f27e1a1568a7faed5c58455_bugat_floxif_mafia_poet-rat_whiskeybravo

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-08_d2eb665f9f27e1a1568a7faed5c58455_bugat_floxif_mafia_poet-rat_whiskeybravo
Size

12.9MB
MD5

d2eb665f9f27e1a1568a7faed5c58455
SHA1

b2cb3a2acba17a6015a2368cb933ed8bf43d4c97
SHA256

8a19ea240dfae9d03c0ad2c55c56b87493848a9cc9aecc96b3eb7d33be0ddcda
SHA512

7360b11792f14188e8ddbee14c4cbab7ad5a77347b658ef349c12b85509010cce8556d0452c628dd97df21ca09eae9433664c4ff4d9fef21419eb45921478a1b
SSDEEP

196608:hxLfBl/Lm910pAixF7gRpPbbSs0j8fYK1zxxtag6LK4O7NADtV6v+mzy:hxDBl/LYKAixFURRbbSgAS7m

Score

1^/10

Malware Config

Signatures

Files

2024-07-08_d2eb665f9f27e1a1568a7faed5c58455_bugat_floxif_mafia_poet-rat_whiskeybravo
.exe windows:5 windows x86 arch:x86

9737388672076ae82f8e8fa5a05e5da8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16-11-2006 01:54

Not After

16-11-2026 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:a7:a0:38:a7:b2
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2010 20:33

Not After

03-05-2013 20:33

Subject

CN=Foxit Corporation,O=Foxit Corporation,L=Fremont,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:da:4c:4b:cb:6c:91:45:a1:b7:3f:87:a5:6a:7f:ed:3b:1a:a9:3d
Signer

Actual PE Digest

06:da:4c:4b:cb:6c:91:45:a1:b7:3f:87:a5:6a:7f:ed:3b:1a:a9:3d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\vault\branch\infix5\small\windows\infixWin2010\Release Backdoor\Infix.pdb

Imports

dbghelp

MiniDumpWriteDump

kernel32

GetConsoleCP
GetConsoleMode
LCMapStringW
GetTimeZoneInformation
GetFileAttributesA
GetProcessHeap
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetExitCodeProcess
SetEnvironmentVariableW
LoadResource
SizeofResource
QueryPerformanceFrequency
RemoveDirectoryA
OutputDebugStringA
InterlockedCompareExchange
GetVersionExA
GetSystemTime
IsWow64Process
FindFirstFileA
LoadLibraryExA
FindResourceA
FlushViewOfFile
GetStartupInfoA
GetProcessTimes
GetLogicalDrives
CreatePipe
LockResource
SetLastError
DeactivateActCtx
GetLastError
ActivateActCtx
GlobalAlloc
GlobalFree
InterlockedDecrement
LocalFree
lstrlenA
GetVersion
CreateMutexA
GetDriveTypeA
SetThreadLocale
SetThreadUILanguage
GetThreadLocale
FreeLibrary
GlobalLock
GlobalUnlock
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
GetTickCount
WinExec
MulDiv
WriteFile
RaiseException
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileSize
GetFileTime
CloseHandle
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
ReadFile
GlobalMemoryStatus
SetFilePointer
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
FlushInstructionCache
WaitForSingleObject
Sleep
ReleaseMutex
CreateFileA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
DeleteFileA
CreateProcessA
GlobalSize
lstrcmpW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
CreateActCtxW
ReleaseActCtx
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventW
FindClose
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
LoadLibraryExW
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetFullPathNameW
GetDiskFreeSpaceW
GlobalGetAtomNameW
GetCurrentDirectoryW
VirtualProtect
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
lstrcmpiW
GetStringTypeExW
MoveFileW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetProfileIntW
SearchPathW
GetFileAttributesExW
LocalFileTimeToFileTime
GetFileSizeEx
SetErrorMode
FindResourceExW
GetNumberFormatW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
HeapFree
FindFirstFileExW
FindFirstFileExA
FindNextFileA
WriteConsoleW
GetFileType
GetStdHandle
GetDriveTypeW
HeapAlloc
ExitProcess
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
VirtualAlloc
GetFullPathNameA
GetTimeFormatA
GetDateFormatA
MoveFileA
RemoveDirectoryW
GetStringTypeW
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwind
ExitThread
CreateThread
HeapQueryInformation
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
SetConsoleCtrlHandler

user32

TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MonitorFromWindow
GetMonitorInfoW
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ValidateRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DrawTextExW
CallWindowProcW
GetMenu
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
IsWindowEnabled
GetTopWindow
GetAsyncKeyState
WindowFromDC
DrawFrameControl
PostQuitMessage
ShowScrollBar
CopyIcon
MessageBeep
SetWindowPos
GetDlgCtrlID
DrawIcon
IsChild
InvertRect
RedrawWindow
DrawMenuBar
RemoveMenu
GetMenuItemCount
GetWindow
CreatePopupMenu
TranslateMessage
SetFocus
MapDialogRect
SetWindowContextHelpId
DeleteMenu
MapWindowPoints
UnionRect
EqualRect
DestroyMenu
GetSystemMenu
NotifyWinEvent
CharUpperW
ShowOwnedPopups
GetKeyState
SetRect
GetUpdateRgn
IntersectRect
EmptyClipboard
SetClipboardData
IsWindow
IsIconic
GrayStringW
GetWindowDC
BeginPaint
EndPaint
EndDialog
CreateDialogIndirectParamW
GetDesktopWindow
GetKeyNameTextW
MapVirtualKeyW
DestroyCursor
GetWindowThreadProcessId
IsZoomed
GetFocus
GetSystemMetrics
CopyImage
IsWindowVisible
GetCursorPos
KillTimer
ReleaseCapture
UpdateWindow
SetTimer
GetMessagePos
BringWindowToTop
GetUpdateRect
LockWindowUpdate
SetClassLongW
GetSysColorBrush
SetWindowRgn
GetWindowPlacement
SetParent
EnumDisplayMonitors
SetLayeredWindowAttributes
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DestroyAcceleratorTable
IsMenu
EnableScrollBar
UpdateLayeredWindow
GetMenuDefaultItem
DrawIconEx
SetMenuDefaultItem
DrawEdge
SetCapture
PtInRect
ScreenToClient
IsRectEmpty
SetRectEmpty
CloseClipboard
OpenClipboard
FrameRect
CreateIconIndirect
GetIconInfo
ReleaseDC
GetDC
GetSysColor
FillRect
OffsetRect
GetClientRect
DrawFocusRect
InflateRect
CopyRect
TrackPopupMenuEx
GetSubMenu
GetWindowRect
GetActiveWindow
WindowFromPoint
ClientToScreen
InvalidateRect
SetCursor
GetParent
WaitMessage
CharUpperBuffW
UnregisterClassW
GetNextDlgTabItem
DestroyIcon
RealChildWindowFromPoint
IsClipboardFormatAvailable
GetTabbedTextExtentW
SetCursorPos
SubtractRect
PostThreadMessageW
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetWindowRgn
HideCaret
GetDoubleClickTime
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
CreateMenu
GetNextDlgGroupItem
InvalidateRgn
CharNextW
EnumChildWindows
CreateAcceleratorTableW
GetKeyboardState
GetCapture
GetKeyboardLayout
MonitorFromPoint

gdi32

CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetObjectA
GetBoundsRect
FillRgn
EnumFontFamiliesExW
SetPaletteEntries
GetPaletteEntries
ExtFloodFill
FrameRgn
PtInRegion
GetTextFaceW
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
RealizePalette
GetRgnBox
OffsetRgn
StretchDIBits
GetCharWidthW
RoundRect
GetSystemPaletteEntries
GetNearestPaletteIndex
CreatePolygonRgn
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetViewportOrgEx
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
CreateEllipticRgn
CreateRoundRectRgn
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetPolyFillMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetCurrentObject
GetClipBox
SetBkMode
Ellipse
CreatePalette
GetDIBits
GetGlyphIndicesW
SetBrushOrgEx
SetPixelV
CreateHatchBrush
SetROP2
CreateBrushIndirect
LPtoDP
CreateRectRgn
StretchBlt
SetDIBColorTable
GetDeviceCaps
GetWindowOrgEx
GetTextColor
GetBkColor
SetBitmapBits
CreateDIBSection
Polyline
Polygon
LineTo
MoveToEx
CreatePen
Rectangle
CreateSolidBrush
SetPixel
GetPixel
DeleteDC
SetTextColor
SetBkColor
SelectObject
CreateBitmap
BitBlt
DeleteObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW
CommDlgExtendedError

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
SetFileSecurityW
GetFileSecurityW
RegCloseKey
RegFlushKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegEnumValueA
RegSetValueW
RegEnumKeyExW

shell32

ExtractIconW
SHGetMalloc
SHGetDesktopFolder
SHGetFolderPathW
DragFinish
SHAppBarMessage
SHAddToRecentDocs
SHGetFileInfoW
DragAcceptFiles
SHGetSpecialFolderLocation

comctl32

ImageList_Remove
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_DrawEx
ImageList_AddMasked

shlwapi

PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

ole32

CreateStreamOnHGlobal
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleLockRunning
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
DoDragDrop
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
CoInitializeEx
CoUninitialize
OleDuplicateData
StringFromCLSID
ReleaseStgMedium
CoTaskMemAlloc
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoTaskMemFree

oleaut32

VariantClear
SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
VariantCopy
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayRedim
VariantInit
SafeArrayGetLBound
GetErrorInfo
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree

ws2_32

connect
__WSAFDIsSet
getsockopt
recv
send
select
WSACleanup
WSASetLastError
getservbyport
getservbyname
WSAGetLastError
inet_addr
WSAStartup
getsockname
listen
gethostbyaddr
ioctlsocket
inet_ntoa
htonl
htons
ntohs
bind
gethostbyname
closesocket
socket

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

wininet

InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetQueryDataAvailable

aspell

to_aspell_speller
aspell_error_number
delete_aspell_string_enumeration
aspell_speller_check
aspell_speller_save_all_word_lists
delete_aspell_speller
aspell_speller_error_message
new_aspell_speller
aspell_error_message
aspell_word_list_elements
aspell_config_replace
new_aspell_config
aspell_speller_add_to_personal
aspell_speller_suggest
aspell_speller_error
aspell_speller_store_replacement
delete_aspell_config
aspell_string_enumeration_next

icuuc36

ucnv_fromUnicode_3_6
ubrk_isBoundary_3_6
ubrk_first_3_6
ubrk_close_3_6
ubrk_next_3_6
u_ispunct_3_6
ubrk_open_3_6
u_isspace_3_6
ucnv_setFromUCallBack_3_6
ucnv_fromUChars_3_6
u_isdigit_3_6
ucnv_cbFromUWriteUChars_3_6
ucnv_open_3_6
u_isalpha_3_6
u_tolower_3_6
u_charName_3_6
ucnv_close_3_6
u_toupper_3_6

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 414KB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9737388672076ae82f8e8fa5a05e5da8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

64:a7:a0:38:a7:b2Certificate

Extended Key Usages

Key Usages

06:da:4c:4b:cb:6c:91:45:a1:b7:3f:87:a5:6a:7f:ed:3b:1a:a9:3dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

ws2_32

imm32

wininet

aspell

icuuc36

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 414KB - Virtual size: 9.8MB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 512KB - Virtual size: 511KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:01
Certificate

64:a7:a0:38:a7:b2
Certificate

06:da:4c:4b:cb:6c:91:45:a1:b7:3f:87:a5:6a:7f:ed:3b:1a:a9:3d
Signer

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 414KB - Virtual size: 9.8MB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 512KB - Virtual size: 511KB