blink-0[.]14[.]1-windows-x86_64[.]zip

Resubmissions

08/08/2024, 00:45

240808-a4ag5s1are 3

08/08/2024, 00:34

240808-awxyga1akb 3

Sharing

Copy URL

Twitter E-mail

General

Target

blink-0.14.1-windows-x86_64.zip
Size

5.5MB
MD5

a474588315d480d808ee3223bdf691bd
SHA1

fbbd256587026cd31b846c58b87cd658e40152c7
SHA256

1339c1f1f34e4299c67f4b8cdff51c077d2491357ebdd5ed8e16855b8ed8bcad
SHA512

c4b75c024393b381361d7277514bf2f8955ef70431648e5430070fb3e0d86f0687455a9caa85305bf54343f9c9369073ebe2511b898fd3b75822aa0611ce4ca2
SSDEEP

98304:yUg3czRNcDfeIkvpHN51AYGE04KuRHkQtssF56s1dIfHBrDPSe0D9bT1EF1BNU2l:dzLgMvpNwYG+Cds5cfHFv0DRCFZNSqN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/blink.exe

Files

blink-0.14.1-windows-x86_64.zip
.zip
blink.exe
.exe windows:6 windows x64 arch:x64

a88417c37b699f4e5c12282ef2dd94f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

lune.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

bcryptprimitives

ProcessPrng

advapi32

RegCloseKey
CredReadW
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
ImpersonateAnonymousToken
RevertToSelf

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
WakeAllConditionVariable
HeapFree
HeapReAlloc
GetConsoleMode
SetConsoleMode
GetLastError
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SwitchToThread
CloseHandle
GetTimeZoneInformationForYear
GlobalUnlock
GetCurrentThread
GetStdHandle
GetFileInformationByHandleEx
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleCursorInfo
GetConsoleCursorInfo
ReadConsoleInputW
GetNumberOfConsoleInputEvents
lstrlenW
FormatMessageW
WideCharToMultiByte
WaitForMultipleObjects
ResetEvent
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetSystemInfo
MoveFileExW
DeleteFileW
CopyFileExW
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringOrdinal
RegisterWaitForSingleObject
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
Sleep
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalSize
WriteConsoleW
LockFileEx
SetFileInformationByHandle
UnlockFile
WaitForSingleObject
MultiByteToWideChar
SetLastError
QueryPerformanceFrequency
GetModuleHandleW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
GetModuleFileNameW
GetCommandLineW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
CreateDirectoryW
ReadConsoleW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
GetExitCodeProcess
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
GetProcessHeap
GetFileType
SetHandleInformation
UnregisterWaitEx
TerminateProcess
FindNextFileW
PostQueuedCompletionStatus
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
RtlAddFunctionTable
RtlDeleteFunctionTable
SleepConditionVariableSRW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
EncodePointer
UnhandledExceptionFilter

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

user32

GetClipboardData
OpenClipboard
CloseClipboard

bcrypt

BCryptGenRandom

ws2_32

socket
getsockopt
WSAStartup
WSACleanup
recv
send
accept
connect
freeaddrinfo
bind
getsockname
WSAGetLastError
getpeername
closesocket
WSAIoctl
ioctlsocket
WSASocketW
WSASend
listen
getaddrinfo
shutdown
setsockopt

ntdll

NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile

api-ms-win-crt-math-l1-1-0

trunc
round
cosf
sinf
fmod
ceilf
floorf
truncf
roundf
atan2f
ldexp
asinf
_dsign
fminf
__setusermatherr
fmaxf
tanh
tan
ceil
sqrt
sinh
fmodf
log2f
sin
pow
log2
log10
log
floor
exp
cosh
cos
atan2
atan
asin
acos
modf
frexp

api-ms-win-crt-runtime-l1-1-0

abort
_crt_atexit
_register_onexit_function
_initialize_onexit_table
strerror
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_wassert
_errno

api-ms-win-crt-string-l1-1-0

strncat
strlen
strcmp
isalpha
isspace
isupper
islower
isdigit
isxdigit
ispunct
isalnum
wcsncmp
strspn
strcpy_s
isgraph
iscntrl
toupper
tolower
strcspn
strncpy
strnlen
strpbrk

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
_callnewh
_set_new_mode
realloc
_aligned_free
malloc
calloc
free

api-ms-win-crt-utility-l1-1-0

_rotl64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__p__commode
_set_fmode
fwrite
__acrt_iob_func

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtod
strtoull

api-ms-win-crt-time-l1-1-0

clock
_time64
_gmtime64_s
strftime
_localtime64_s
_difftime64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

Sections

.text
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a88417c37b699f4e5c12282ef2dd94f2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

advapi32

kernel32

ole32

shell32

user32

bcrypt

ws2_32

ntdll

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcp140

Sections

.text Size: 9.8MB - Virtual size: 9.8MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 27KB - Virtual size: 29KB

.pdata Size: 500KB - Virtual size: 500KB

.reloc Size: 73KB - Virtual size: 73KB

.text
Size: 9.8MB - Virtual size: 9.8MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 27KB - Virtual size: 29KB

.pdata
Size: 500KB - Virtual size: 500KB

.reloc
Size: 73KB - Virtual size: 73KB