AOT-Revolution-Script_960366[.]exe

Resubmissions

25-07-2024 22:23

240725-2axjcs1gnd 7

25-07-2024 22:22

240725-2aadtsydjl 6

Sharing

Copy URL

Twitter E-mail

General

Target

AOT-Revolution-Script_960366.exe
Size

24.2MB
MD5

7348334207079cf5fb6d6bfa6858919e
SHA1

d4c0586ca6a06357a2a9ee56d65ab26818293232
SHA256

04f84fe3f1d4eecd3c9c6e43b95d329308e3c230ec6cfe8f6a9366250f1ae7c6
SHA512

39d31328951e037bfee14d677644e5b22cedea5d98fbb3b72734c961546f5cffff7f4df8d65cad21a4a65eb5047718c4dc58be4461d1bb5c27aa02b4a3413dd2
SSDEEP

786432:I+r4Outm8Fg6L6eakPnjlMJAuCZDDZTK7QX:Im0/iJAVDtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AOT-Revolution-Script_960366.exe

Files

AOT-Revolution-Script_960366.exe
.exe windows:6 windows x86 arch:x86

bc285e9d6ae92fa72681bd568018af9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetCurrentThreadId
FindFirstFileExA
GetStringTypeW
GetFullPathNameW
GetFileAttributesExW
IsProcessorFeaturePresent
GetSystemInfo
GetOEMCP
CompareStringW
RtlUnwind
WaitForMultipleObjects
GetModuleFileNameA
CreateEventW
GlobalUnlock
TlsAlloc
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
CreateDirectoryW
CreateFileW
DecodePointer
ExitThread
DeleteCriticalSection
LCMapStringEx
InitializeSListHead
GetEnvironmentStringsW
RemoveDirectoryW
GetDriveTypeW
IsValidCodePage
MoveFileExW
SetFileTime
GetTimeFormatW
GetEnvironmentVariableA
ReadFile
GetCurrentDirectoryW
FileTimeToSystemTime
GetFileType
CloseHandle
FreeLibraryAndExitThread
GetProcessAffinityMask
MoveFileW
ReleaseSRWLockExclusive
SetLastError
GetCPInfo
WriteConsoleW
GetVersionExW
GetProcessHeap
GetUserDefaultLCID
GetCurrentProcessId
GetModuleFileNameW
GlobalLock
SetEnvironmentVariableA
GetStartupInfoW
GlobalMemoryStatus
CompareFileTime
GetCommandLineW
GetSystemDirectoryW
PeekNamedPipe
MultiByteToWideChar
WaitForSingleObjectEx
SetPriorityClass
GetModuleHandleW
GetDateFormatW
FreeLibrary
SetFileAttributesW
EnumSystemLocalesW
IsValidLocale
EncodePointer
FileTimeToLocalFileTime
GetModuleHandleA
FlushFileBuffers
GetFileAttributesW
GetLastError
IsDebuggerPresent
QueryPerformanceFrequency
VirtualFree
HeapSize
SetFilePointer
SetStdHandle
CreateSemaphoreW
FindNextFileW
InitializeCriticalSectionEx
lstrlenA
LoadLibraryW
GetTickCount
TlsFree
SystemTimeToTzSpecificLocalTime
DeleteFileW
GetConsoleMode
GetTimeZoneInformation
QueryPerformanceCounter
GetACP
TerminateProcess
LocalFree
HeapReAlloc
GetConsoleCP
SetEvent
GetTickCount64
CreateThread
InitializeCriticalSection
GetFileInformationByHandle
GlobalAlloc
HeapFree
AcquireSRWLockExclusive
Sleep
LoadLibraryA
FormatMessageW
SetUnhandledExceptionFilter
SetEndOfFile
TlsSetValue
GetCommandLineA
GetFileSize
SleepEx
LeaveCriticalSection
FindClose
GetLogicalDriveStringsW
FindNextFileA
TlsGetValue
GetFileSizeEx
LCMapStringW
GlobalFree
WaitForSingleObject
ReleaseSemaphore
ReadConsoleW
VerifyVersionInfoW
FreeEnvironmentStringsW
ExitProcess
UnhandledExceptionFilter
GetStdHandle
GetProcAddress
GetVersion
WriteFile
GetModuleHandleExW
LoadLibraryExW
VerSetConditionMask
GetSystemTimeAsFileTime
FindFirstFileW
VirtualAlloc
ResetEvent
WideCharToMultiByte
SetFilePointerEx
EnterCriticalSection
HeapAlloc

user32

LoadCursorW
GetParent
GetKeyState
CharUpperW
ScreenToClient
GetFocus
ShowWindow
IsDlgButtonChecked
GetWindowTextLengthW
LoadIconW
SetDlgItemTextW
GetWindowTextW
SystemParametersInfoW
SetTimer
GetDlgItem
MapDialogRect
OpenClipboard
PostMessageW
MonitorFromWindow
EnableWindow
GetWindowRect
InvalidateRect
GetWindowLongW
wsprintfA
CheckDlgButton
EmptyClipboard
CloseClipboard
KillTimer
DialogBoxParamW
EndDialog
SetWindowLongW
SendMessageW
SetFocus
SetCursor
MessageBoxW
GetMonitorInfoA
SetWindowTextW
LoadStringW
SetClipboardData
MoveWindow

advapi32

CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CloseServiceHandle
CryptImportKey
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt

shell32

SHGetPathFromIDListW
SHGetFileInfoW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleInitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen

ws2_32

__WSAFDIsSet
select
accept
connect
getsockname
htonl
setsockopt
recv
socket
freeaddrinfo
WSACloseEvent
recvfrom
sendto
getpeername
ioctlsocket
gethostname
htons
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAResetEvent
WSAEnumNetworkEvents
WSACreateEvent
WSAEventSelect
getaddrinfo
WSAWaitForMultipleEvents
WSAIoctl
send
listen
getsockopt
bind

crypt32

CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CryptQueryObject
CryptDecodeObjectEx
CertFreeCertificateContext
CertGetNameStringW
CryptStringToBinaryW
CertFindExtension
CertOpenStore
PFXImportCertStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertFreeCertificateChain

wldap32

ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord219
ord147
ord145
ord301
ord133

bcrypt

BCryptGenRandom

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bc285e9d6ae92fa72681bd568018af9b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

crypt32

wldap32

bcrypt

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 250KB - Virtual size: 250KB

.data Size: 8KB - Virtual size: 28KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 250KB - Virtual size: 250KB

.data
Size: 8KB - Virtual size: 28KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 95KB