AlructisitApplication[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

AlructisitApplication.rar
Size

5.1MB
MD5

ff6b61c5dccb0edd471df337c52f369b
SHA1

198884c8ab7293185988fde8acf50a567762f826
SHA256

a2d5a402fbde05d9ca9ceef05ea528a1f9da591cddf062e324d89561314e8e93
SHA512

5ce3a6417ae431df949277e0ce47099987dbd7ab0b80b07afeb3fde7a38d28449180b82211d52f0e7d0fbce8304ec4bd7967a861ed35e47d53358c47a103fd9c
SSDEEP

98304:Ld1tjqvMbblqNxpAV4NYohmg/R35dj9uggjmnixjX6rqpQuZgjTQ6:Ld1tiEuqDemoJdj9uggjmOW4QuOjTQ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AlructisitApplication/AlructisitApp.exe
unpack001/AlructisitApplication/AlructisitService.exe
unpack001/AlructisitApplication/AlructisitUninstaller.exe

Files

AlructisitApplication.rar
.rar
AlructisitApplication/AlructisitApp.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AlructisitApplication/AlructisitHelper.dll
.dll windows:6 windows x64 arch:x64

5ff8d06978eb9a6b316abff6fde2ff7d

Code Sign

30:8e:1c:2d:43:b9:95:52:b6:b2:29:4e:1f:97:bc:18
Certificate

Issuer

CN=AlructisitDevB Group L,O=AlructisitDevB Group L,ST=Ontario,C=US

Not Before

17/05/2024, 21:00

Not After

17/05/2025, 21:00

Subject

CN=AlructisitDevB Group L,O=AlructisitDevB Group L,ST=Ontario,C=US

c6:ae:81:d0:5b:e3:04:e8:4a:60:33:b5:50:25:87:87:ae:16:88:a5:6d:31:5d:5e:58:3c:a9:d7:99:9c:a7:1e
Signer

Actual PE Digest

c6:ae:81:d0:5b:e3:04:e8:4a:60:33:b5:50:25:87:87:ae:16:88:a5:6d:31:5d:5e:58:3c:a9:d7:99:9c:a7:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapSize
DeleteFileW
TerminateProcess
GetLastError
GetEnvironmentVariableA
CreateEventA
GetTickCount
GetVolumeInformationW
GlobalAddAtomA
QueryFullProcessImageNameW
SetComputerNameW
WriteConsoleW
GetConsoleOutputCP
WriteFile
FindVolumeClose
FindFirstVolumeW
WideCharToMultiByte
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleW
MoveFileExW
LoadLibraryW
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
CloseHandle
GetFileInformationByHandleEx
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCPInfo
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
GetStdHandle
GetFileType
GetConsoleMode
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW

advapi32

RegOpenKeyExW
PerfStopProvider
LookupPrivilegeNameW
InitializeAcl
CredUnprotectA
CredIsMarshaledCredentialA
CheckTokenMembership
RegDeleteKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW

ole32

WriteFmtUserTypeStg

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecA
ord225
UrlUnescapeA
ord462

version

VerQueryValueW
VerFindFileA

secur32

ApplyControlToken

winmm

waveInOpen

Exports

Exports

funcdru
funcger
funcintdll
funcsrd
funcurns

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AlructisitApplication/AlructisitService.exe
.exe windows:6 windows x64 arch:x64

f3ee2197e0c4c496287bcb2ee4bc435e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetModuleFileNameW
ReadFile
RtlCompareMemory
WaitForSingleObject
GetSystemTimes
DeleteFileW
MultiByteToWideChar
CreateFileW
GetModuleHandleW
DebugBreak
ExitProcess
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetNativeSystemInfo
VirtualAlloc
VirtualFree
SetLastError
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
FindVolumeClose
FindFirstVolumeW
OpenMutexW
ReleaseMutex
CreateProcessW
GetCurrentProcessId
GetProcAddress
LoadLibraryW
LoadLibraryA
GetLastError
Sleep
ProcessIdToSessionId
TerminateProcess
WideCharToMultiByte
GlobalMemoryStatusEx
Process32FirstW
K32GetProcessMemoryInfo
Process32NextW
CreateToolhelp32Snapshot
ReadConsoleOutputA
GetCurrentProcess
WriteConsoleW
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
GetConsoleOriginalTitleW
GlobalGetAtomNameW
WaitForThreadpoolIoCallbacks
K32GetMappedFileNameA
GetCommandLineW
OpenProcess
CreateDirectoryTransactedW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTickCount
CreateDirectoryW
VerifyVersionInfoW
LocalFree
AllocConsole
FreeConsole
AttachConsole
GetSystemTime
GetLocalTime
DuplicateHandle
SetEvent
CreateEventW
WaitForMultipleObjects
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
WaitForSingleObjectEx
OutputDebugStringW
GetConsoleWindow
FormatMessageW
ResetEvent
GetACP
GetFileAttributesExW
GetCurrentDirectoryW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetDriveTypeW
GetFileType
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CompareStringW
LCMapStringW
IsProcessorFeaturePresent
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetTimeZoneInformation
GetModuleHandleExW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
LocaleNameToLCID
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetGeoInfoW
GetUserGeoID
FindFirstFileExW
FindNextFileW
K32GetModuleFileNameExW
CreateMutexW
QueryPerformanceCounter
QueryPerformanceFrequency

user32

GetWindowLongPtrW
KillTimer
UnregisterDeviceNotification
UnregisterClassW
SetScrollInfo
DispatchMessageW
TranslateMessage
RegisterDeviceNotificationW
SetWindowLongPtrW
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW

gdi32

GdiComment
GetTextFaceA
GetPaletteEntries
SetTextColor

advapi32

RegDeleteValueW
RegSetValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
OpenProcessToken
AddAccessAllowedAceEx
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
DuplicateTokenEx
AddAccessDeniedAceEx
CopySid
DuplicateToken
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
LookupAccountSidW
GetNamedSecurityInfoW
RegDeleteKeyW
CreateProcessAsUserW
RegEnumKeyExW
RegEnumValueW
FreeSid
LookupPrivilegeNameA
RegLoadAppKeyW
RegFlushKey
AddAccessDeniedAce
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
SystemFunction036

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoCreateGuid
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysStringLen
VariantClear
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString

userenv

GetUserProfileDirectoryW

authz

AuthzAccessCheck
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken

netapi32

NetApiBufferFree
NetShareEnum

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveInOpen
waveInMessage
timeSetEvent
timeKillEvent
auxGetDevCapsA

ws2_32

WSAAsyncSelect

shlwapi

PathAppendW
SHGetValueW
SHSetValueW
StrStrIA
PathIsNetworkPathW
StrFormatByteSizeA
PathRemoveFileSpecW

wtsapi32

WTSQueryUserToken

ntdll

RtlImageNtHeader
RtlNtStatusToDosError
NtProtectVirtualMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
RtlHashUnicodeString
NtQueryVirtualMemory
RtlRaiseStatus
LdrUnloadDll
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlFreeHeap

powrprof

PowerWriteValueMin
IsPwrSuspendAllowed
PowerRemovePowerSetting

imm32

ImmGetVirtualKey
ImmGetCompositionWindow
ImmSetOpenStatus
ImmInstallIMEA
ImmGetCompositionFontA
ImmGetCandidateListW

imagehlp

MapFileAndCheckSumW

comctl32

ord8

Exports

Exports

qt_startup_hook

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AlructisitApplication/AlructisitUninstaller.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 817KB - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AlructisitApplication/Alructisitdt.dt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 68KB - Virtual size: 67KB

5ff8d06978eb9a6b316abff6fde2ff7d

Code Sign

30:8e:1c:2d:43:b9:95:52:b6:b2:29:4e:1f:97:bc:18Certificate

c6:ae:81:d0:5b:e3:04:e8:4a:60:33:b5:50:25:87:87:ae:16:88:a5:6d:31:5d:5e:58:3c:a9:d7:99:9c:a7:1eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

version

secur32

winmm

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 20KB - Virtual size: 25KB

.pdata Size: 7KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 2KB - Virtual size: 1KB

f3ee2197e0c4c496287bcb2ee4bc435e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

userenv

authz

netapi32

version

winmm

ws2_32

shlwapi

wtsapi32

ntdll

powrprof

imm32

imagehlp

comctl32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 51KB - Virtual size: 68KB

.pdata Size: 77KB - Virtual size: 76KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 817KB - Virtual size: 816KB

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 68KB - Virtual size: 67KB

30:8e:1c:2d:43:b9:95:52:b6:b2:29:4e:1f:97:bc:18
Certificate

c6:ae:81:d0:5b:e3:04:e8:4a:60:33:b5:50:25:87:87:ae:16:88:a5:6d:31:5d:5e:58:3c:a9:d7:99:9c:a7:1e
Signer

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 20KB - Virtual size: 25KB

.pdata
Size: 7KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 51KB - Virtual size: 68KB

.pdata
Size: 77KB - Virtual size: 76KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 817KB - Virtual size: 816KB

.rsrc
Size: 68KB - Virtual size: 67KB