booga executor[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

booga executor.rar
Size

2.8MB
MD5

9726ed8752fcb8d534eac633fc17b33a
SHA1

8d5a797ea0b41b838b8f091f30e50e6ed361c9e9
SHA256

46d0fd50c1fa6eda3f8569fe6a9e5741f60be73cd7de6ddfbe1c39c6bea544e9
SHA512

5ad38ab7066a772dd9af53477e223da8dbec1131646f3666c479fa4ad0da723fbb17aa7875a6f534b6975b9cd4630c2cd1f56638b9d65cfe91fa2bbb7f396251
SSDEEP

49152:ha1ODNe/mZ410iB461FcxHvjuEBFrsSNrwZ0btUK6GdCRhxJhw1JZmC:hY0NH+rTFcJjuAFjrwZESK6GdCxsZmC

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Arka paska.exe
unpack001/ArkaAPI.dll
unpack001/ArkaInjector.exe

Files

booga executor.rar
.rar
Arka paska.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Hiltunen\source\repos\Arka paska\Arka paska\obj\Debug\Arka paska.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arka paska.exe.config
Arka paska.pdb
ArkaAPI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

;.v* u"
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
ArkaInjector.exe
.exe windows:6 windows x64 arch:x64

1913232a0afcb28e3d87dc5e2b4c167e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\VS2022\ArkaInjector\ArkaInjector\bin\Release\net8.0\win-x64\native\ArkaInjector.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
GetTokenInformation
DuplicateTokenEx
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership

bcrypt

BCryptCreateHash
BCryptDestroyHash
BCryptEncrypt
BCryptSetProperty
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptImportKey
BCryptGenRandom
BCryptDestroyKey
BCryptGetProperty
BCryptFinishHash

crypt32

CertFreeCertificateChainEngine
CertCloseStore
PFXImportCertStore
PFXExportCertStore
CryptFindOIDInfo
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CryptImportPublicKeyInfoEx2
CryptFormatObject
CryptDecodeObject
CertVerifyTimeValidity
CertSetCertificateContextProperty
CertSerializeCertificateStoreElement
CertSaveStore
CertOpenStore
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertControlStore
CertCreateCertificateChainEngine
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertGetCertificateChain
CertGetIntendedKeyUsage
CertGetNameStringW
CertGetValidUsages
CertNameToStrW

iphlpapi

GetAdaptersAddresses
GetPerAdapterInfo
GetNetworkParams
if_nametoindex

kernel32

RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
RaiseException
SetUnhandledExceptionFilter
ExitProcess
SetLastError
FormatMessageW
GetLastError
GetCPInfoExW
GetConsoleMode
GetFileType
ReadFile
ReadConsoleW
ReadConsoleInputW
SetConsoleTitleW
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetExitCodeProcess
CreateProcessW
TerminateProcess
OpenProcess
K32EnumProcesses
GetProcessId
DuplicateHandle
CreatePipe
GetCurrentProcess
GetConsoleCP
QueryPerformanceCounter
GetTickCount64
LoadLibraryExW
CancelIoEx
CloseThreadpoolIo
RaiseFailFastException
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCurrentThread
WaitForSingleObject
Sleep
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
InitializeCriticalSection
InitializeConditionVariable
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForMultipleObjectsEx
GetCurrentThreadId
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
GetCPInfo
LocalAlloc
GetProcAddress
CancelSynchronousIo
CreateIoCompletionPort
CreateDirectoryW
CreateFileW
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
DeleteFileW
DeleteVolumeMountPointW
DeviceIoControl
ExpandEnvironmentStringsW
FindNextFileW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetModuleFileNameW
GetOverlappedResult
MoveFileExW
OpenThread
QueryUnbiasedInterruptTime
RemoveDirectoryW
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetCurrentProcessorNumberEx
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
EncodePointer
DecodePointer
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
UnhandledExceptionFilter
RtlLookupFunctionEntry

ncrypt

NCryptImportKey
NCryptSetProperty
NCryptOpenKey
NCryptDeleteKey
NCryptFreeObject
NCryptGetProperty
NCryptOpenStorageProvider

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetApartmentType
CoCreateGuid
CoWaitForMultipleHandles

ws2_32

send
select
recv
listen
setsockopt
FreeAddrInfoExW
ioctlsocket
getsockopt
WSASend
getsockname
getpeername
WSARecv
WSAGetOverlappedResult
WSAConnect
closesocket
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW
WSASocketW
GetAddrInfoExW
WSAStartup
WSACleanup
bind
WSAEventSelect
WSAIoctl
accept
shutdown

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
calloc
free

api-ms-win-crt-math-l1-1-0

log2
__setusermatherr
ceil
floor
pow
modf

api-ms-win-crt-string-l1-1-0

strcpy_s
strcmp
_stricmp
wcsncmp

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
exit
__p___wargv
terminate
__p___argc
_exit
_initterm_e
_crt_atexit
abort
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function
_set_app_type
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 278KB - Virtual size: 277KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

;.v* u" Size: 30KB - Virtual size: 29KB

.text Size: 36KB - Virtual size: 35KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

1913232a0afcb28e3d87dc5e2b4c167e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

bcrypt

crypt32

iphlpapi

kernel32

ncrypt

ole32

ws2_32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 726KB - Virtual size: 726KB

.managed Size: 3.1MB - Virtual size: 3.1MB

hydrated Size: - Virtual size: 1.2MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 23KB - Virtual size: 120KB

.pdata Size: 260KB - Virtual size: 259KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 278KB - Virtual size: 277KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

;.v* u"
Size: 30KB - Virtual size: 29KB

.text
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 726KB - Virtual size: 726KB

.managed
Size: 3.1MB - Virtual size: 3.1MB

hydrated
Size: - Virtual size: 1.2MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 23KB - Virtual size: 120KB

.pdata
Size: 260KB - Virtual size: 259KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB