BlackStriker[.]exe

Resubmissions

25-08-2024 19:00

240825-xn3kbazanf 10

25-08-2024 18:56

240825-xlrp2a1cpl 10

25-08-2024 18:21

240825-wzkyzaxeqe 9

Sharing

Copy URL

Twitter E-mail

General

Target

BlackStriker.exe
Size

349KB
MD5

0595f3d2d60132f3ddb11e481766156f
SHA1

8216707cd96bf5a8b59af994baff7dffb7eac799
SHA256

a70817855f879ba69072d48ef93ac9b8116ef6e4340eff4ba09d85c344a52e75
SHA512

a7dfe0f01e46e817cfbad7176381b9ac30dda7b85365b16a6ec1ee0a6f2c04334ef2db72d454a73b6329aa46e2425f32b62dfe0044d55462b5781324290cdf77
SSDEEP

6144:esvVrDlc/hizFybqLYuiFr0wIA447IgJxbtPfKvFI8N:F5lOcUMTbEnNiD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BlackStriker.exe

Files

BlackStriker.exe
.exe windows:6 windows x64 arch:x64

5716394ad9b977056680e1cae4a08c58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

BlackStriker.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetCurrentThreadId
GetEnvironmentStringsW
SetFilePointerEx
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetStdHandle
GetCurrentProcessId
Sleep
WaitForSingleObject
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
HeapFree
SetWaitableTimer
CreateWaitableTimerExW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandleEx
GetCurrentThread
FindFirstFileW
MoveFileExW
CreateEventW
ReadFile
GetOverlappedResult
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLastError
CompareStringOrdinal
DeleteProcThreadAttributeList
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetFullPathNameW
GetModuleHandleA
GetProcAddress
GetTempPathW
FreeEnvironmentStringsW
InitializeSListHead
IsDebuggerPresent
DuplicateHandle
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetConsoleMode
GetCurrentProcess
GetFileInformationByHandle
UnhandledExceptionFilter
SetFileInformationByHandle
GlobalMemoryStatusEx
GetSystemInfo
lstrlenW
SetUnhandledExceptionFilter
CloseHandle
CancelIo
HeapReAlloc
IsProcessorFeaturePresent

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

vcruntime140

__current_exception
memcmp
memmove
memset
_CxxThrowException
__CxxFrameHandler3
__C_specific_handler
__current_exception_context
memcpy

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm_e
exit
_exit
_initterm
__p___argc
__p___argv
_cexit
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_c_exit
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5716394ad9b977056680e1cae4a08c58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

shell32

ole32

bcrypt

advapi32

ntdll

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 252KB - Virtual size: 252KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 1KB - Virtual size: 1KB