astro_modloader[.]exe

Resubmissions

22/08/2024, 12:28

240822-pnsq4szcrm 3

22/08/2024, 12:25

240822-pls9vszbqj 3

Sharing

Copy URL Twitter E-mail

General

Target

astro_modloader.exe
Size

15.4MB
MD5

1f80795d1176947394284374a1dee910
SHA1

c0a3da85087a58f44b282c591609d8c779f46a55
SHA256

5b301e42c9d6e7f74716c54599507d9eb63712d9a7f4699a26e663d711e50abe
SHA512

8484b748b417c57cb5ee032e3a3a43dde5700bde02c098d6e89c39bb38c49a84b24af0110369248a20bcae281dda2c8aab86bbc286d3a299f9d9a9e00f56b40e
SSDEEP

98304:5LEyedbtrehpg79evUdeT4IqaxFqr6B8GOszyb6HzVwyA6PIgBzF:qh7eGUFqelIy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
astro_modloader.exe

Files

astro_modloader.exe
.exe windows:6 windows x64 arch:x64

a4e9ab62b50670346218efa86ee2dd19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleMode
GetStdHandle
GlobalFree
GlobalUnlock
lstrlenW
CreateToolhelp32Snapshot
SleepConditionVariableSRW
Thread32First
ReleaseSRWLockShared
AcquireSRWLockShared
CreateDirectoryW
Sleep
RtlVirtualUnwind
GetProcAddress
UnhandledExceptionFilter
Thread32Next
OpenThread
GetFileInformationByHandleEx
ResumeThread
GetCurrentThreadId
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
LocalFree
GlobalLock
GlobalSize
SetUnhandledExceptionFilter
MultiByteToWideChar
GlobalAlloc
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
SetThreadStackGuarantee
OpenProcess
FreeLibrary
SetThreadErrorMode
LoadLibraryExW
LoadLibraryW
SuspendThread
Process32NextW
Process32FirstW
AddVectoredExceptionHandler
SetHandleInformation
CopyFileExW
SetFileInformationByHandle
MoveFileExW
GetSystemInfo
WakeConditionVariable
GetQueuedCompletionStatusEx
RtlCaptureContext
ExitProcess
SetLastError
GetFinalPathNameByHandleW
PostQueuedCompletionStatus
TryAcquireSRWLockExclusive
WriteFileEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetSystemTimeAsFileTime
GetModuleHandleA
InitializeSListHead
IsDebuggerPresent
CloseHandle
FindClose
DeleteFileW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
QueryPerformanceFrequency
SleepEx
ReadFileEx
CreateThread
CreateNamedPipeW
GetCurrentProcessId
DuplicateHandle
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
QueryPerformanceCounter
HeapReAlloc
GetLastError
SetFilePointerEx
HeapFree
GetSystemDirectoryW
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFullPathNameW
HeapAlloc
GetProcessHeap
GetFileInformationByHandle
GetCurrentThread
WaitForSingleObject
WriteConsoleW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW

user32

SystemParametersInfoA
DefWindowProcW
GetWindowLongW
IsClipboardFormatAvailable
ClientToScreen
GetClipboardData
EmptyClipboard
SetClipboardData
ShowWindow
SetWindowLongW
GetKeyState
EnableMenuItem
GetActiveWindow
GetClipCursor
ClipCursor
ShowCursor
ToUnicodeEx
GetKeyboardLayout
TranslateMessage
AdjustWindowRectEx
GetClassNameW
GetClassInfoExW
GetPropW
RegisterWindowMessageA
GetUpdateRect
ValidateRect
CallWindowProcW
GetSystemMenu
GetMessageW
SetWindowLongPtrW
GetRawInputData
RegisterRawInputDevices
DestroyIcon
RemovePropW
CloseClipboard
OpenClipboard
PostThreadMessageW
GetKeyboardState
GetMenu
CloseTouchInputHandle
GetTouchInputInfo
MapVirtualKeyA
TrackMouseEvent
SetCapture
MonitorFromRect
SetCursor
LoadCursorW
DestroyWindow
ScreenToClient
ReleaseDC
IsProcessDPIAware
PostMessageW
GetClientRect
RegisterTouchWindow
SetForegroundWindow
SendInput
MapVirtualKeyW
SetWindowDisplayAffinity
SendMessageW
CreateWindowExW
RegisterClassExW
GetDC
GetWindowLongPtrW
RedrawWindow
EnumDisplayMonitors
CreateIcon
GetSystemMetrics
SetPropW
MsgWaitForMultipleObjectsEx
SetWindowTextW
GetCursorPos
ReleaseCapture
SetWindowPlacement
GetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
InvalidateRgn
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
IsIconic
DispatchMessageW

oleaut32

SafeArrayCreateVector
SetErrorInfo
SysFreeString
SysStringLen
SysAllocStringLen
GetErrorInfo
SafeArrayPutElement

uiautomationcore

UiaLookupId
UiaRaiseAutomationEvent
UiaGetReservedNotSupportedValue
UiaRaiseAutomationPropertyChangedEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd

shell32

SHGetKnownFolderPath
ShellExecuteW
DragFinish
DragQueryFileW

ole32

RegisterDragDrop
CoCreateInstance
CoInitializeEx
RevokeDragDrop
OleInitialize
CoTaskMemFree
CoUninitialize

opengl32

wglMakeCurrent
wglGetCurrentDC
wglShareLists
wglGetCurrentContext
wglCreateContext
wglDeleteContext
wglGetProcAddress

gdi32

DescribePixelFormat
ChoosePixelFormat
GetDeviceCaps
SetPixelFormat
DeleteObject
SwapBuffers
CreateRectRgn

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

dwmapi

DwmEnableBlurBehindWindow

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod

shlwapi

AssocQueryStringW

ws2_32

WSAGetLastError
getsockname
getpeername
WSAStartup
send
getaddrinfo
freeaddrinfo
WSASend
setsockopt
WSAIoctl
shutdown
bind
connect
WSASocketW
getsockopt
ioctlsocket
recv
WSACleanup
closesocket

ntdll

NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile

crypt32

CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertDuplicateCertificateContext

bcrypt

BCryptGenRandom

advapi32

RegQueryValueExW
SystemFunction036
RegOpenKeyExW
RegCloseKey
SetEntriesInAclW
RegEnumKeyExW
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetNamedSecurityInfoW

secur32

ApplyControlToken
AcceptSecurityContext
FreeCredentialsHandle
EncryptMessage
FreeContextBuffer
QueryContextAttributesW
DeleteSecurityContext
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA

uxtheme

SetWindowTheme

vcruntime140

memcmp
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memmove
memset
__CxxFrameHandler3
memcpy

api-ms-win-crt-math-l1-1-0

powf
truncf
__setusermatherr
floorf
roundf
round
exp2f
cbrtf
acosf
atan2f
cosf
expf
floor
trunc
sinf
ceilf
_hypotf
ceil

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
terminate
_initialize_onexit_table
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initterm
_exit
exit
_initterm_e
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a4e9ab62b50670346218efa86ee2dd19

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

uiautomationcore

shell32

ole32

opengl32

gdi32

imm32

dwmapi

winmm

shlwapi

ws2_32

ntdll

crypt32

bcrypt

advapi32

secur32

uxtheme

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.rdata Size: 6.3MB - Virtual size: 6.3MB

.data Size: 3KB - Virtual size: 14KB

.pdata Size: 291KB - Virtual size: 291KB

.rsrc Size: 362KB - Virtual size: 362KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 8.5MB - Virtual size: 8.5MB

.rdata
Size: 6.3MB - Virtual size: 6.3MB

.data
Size: 3KB - Virtual size: 14KB

.pdata
Size: 291KB - Virtual size: 291KB

.rsrc
Size: 362KB - Virtual size: 362KB

.reloc
Size: 42KB - Virtual size: 41KB