BoostTool[.]exe

Resubmissions

10/07/2024, 18:45

240710-xecmjatfnq 7

10/07/2024, 18:42

240710-xcrcxatepm 7

Sharing

Copy URL Twitter E-mail

General

Target

BoostTool.exe
Size

10.6MB
MD5

9f56ff82f3dfc5d3fe19b0df153c9a2d
SHA1

8df93a27e1d8cecc86ec783606f1019e181394e7
SHA256

7bf366cfabd78054254f6e2bbd7a1b269fd085ab6a98008d839510d8747eb9ec
SHA512

32f512f6988e7b7c6d6b1d268d28295bb18f7a6a4bf6bb7f643fbc0761c3c3ead507834b80b84918fe9e351ca29ff6bee227e66be6fc58ac4fcc5a71a70f0d16
SSDEEP

98304:2Pz3+0vs/LmZKx0rwlXS0IeNa2WEW3+h2wuWW:2bOfGKx0Ui0IelTW3+7W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BoostTool.exe

Files

BoostTool.exe
.exe windows:6 windows x64 arch:x64

Password: asdasdasdasd123123123123gbfdgfbdgfvdgvfd

bd759e1a942fa1a44e0117c1e51cb58d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\new\builds\1256762412523061248\x64\Release\go-launcher.pdb

Imports

kernel32

GetCurrentProcess
K32GetModuleFileNameExW
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetTickCount64
Process32NextW
Process32FirstW
CloseHandle
GetCurrentProcessId
K32EnumProcessModules
CheckRemoteDebuggerPresent
SizeofResource
SetConsoleTitleA
GetModuleHandleExW
WaitForSingleObject
LockResource
DeleteFileA
LoadResource
FindResourceW
CreateProcessA
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$numpunct@D@std@@2V0locale@2@A
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Thrd_join
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?uncaught_exceptions@std@@YAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

ntdll

NtRaiseHardError
RtlAdjustPrivilege
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ws2_32

bind
accept
htons
WSACleanup
socket
closesocket
send
recv
select
listen
WSAStartup

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
memmove

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_exe
_set_app_type
_register_onexit_function
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_errno
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
exit
_beginthreadex
terminate
_crt_atexit

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

_dsign
_dclass
_fdclass
_fdsign
_ldsign
__setusermatherr
_ldclass

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
fclose
fflush
fputc
_set_fmode
_get_stream_buffer_pointers
__p__commode
_fseeki64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: asdasdasdasd123123123123gbfdgfbdgfvdgvfd

bd759e1a942fa1a44e0117c1e51cb58d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

ntdll

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 10.3MB - Virtual size: 10.3MB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 10.3MB - Virtual size: 10.3MB

.reloc
Size: 512B - Virtual size: 300B