AsteroidPC[.]dll

Resubmissions

06/09/2024, 20:50

240906-zm2mqsxcpp 8

06/09/2024, 20:50

240906-zmj3paxfje 3

06/09/2024, 20:45

240906-zjy3faxbkm 3

Sharing

Copy URL Twitter E-mail

General

Target

AsteroidPC.dll
Size

5.1MB
MD5

0586300ac1cad9158caff136d5cb614f
SHA1

0563b3f16160bdea082632456cc502394b32216f
SHA256

d6e8e726dfffc713a4b05b98a821f6b21bd99f0599e21bc8e49090ac6fac03ae
SHA512

057e759c970ec099cf0e1ccf1474fc7b5def4f44bb4d2fd6432c677ca6f400b3b44f0067e37d264db253cd81401d2fbf1b77c15646ceb1d88c6748d4c7721a33
SSDEEP

98304:kV+Y5dE9K45gYEGoLw3zuh0yTQzLVKxGbErmh2R:QR5WK45dEhM3zuh0yTQzLQxInI

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AsteroidPC.dll

Files

AsteroidPC.dll
.dll windows:6 windows x64 arch:x64

7f72652b2644b16741819f00e31a1738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetACP
RtlVirtualUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
GetSystemTimeAsFileTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
SetLastError
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetFileAttributesExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
ResumeThread
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateThread
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetEnvironmentVariableW
MultiByteToWideChar
GetLastError
WriteFile
GetFileType
AllocConsole
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
PeekNamedPipe
WideCharToMultiByte
ExitProcess
WriteConsoleW
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
GetCPInfo
RtlUnwind
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
DisableThreadLibraryCalls
SuspendThread
GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
VirtualProtect
HeapCreate
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetConsoleMode
OpenProcess
SetConsoleMode
WriteConsoleA
GetStdHandle
SetConsoleTitleA
OpenThread
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetCurrentProcessId
GetThreadContext
HeapAlloc
CloseHandle
HeapReAlloc
Sleep
GetTimeFormatW
CreateToolhelp32Snapshot
GlobalUnlock
GlobalLock
GlobalFree
OutputDebugStringW
GlobalAlloc

user32

OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId
GetSystemMetrics
GetAsyncKeyState
CallWindowProcA
GetWindowTextA
MessageBoxA
MessageBoxW
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow
ShowCursor
FindWindowA
SetWindowLongPtrA
ClipCursor
GetCursorPos

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

bcrypt

BCryptGenRandom

normaliz

IdnToAscii
IdnToUnicode

ws2_32

ioctlsocket
getsockname
getsockopt
ntohs
select
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
htons
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
send
accept
bind
closesocket
connect
listen
setsockopt
socket
shutdown
getpeername
recvfrom
sendto
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
__WSAFDIsSet
getaddrinfo
freeaddrinfo
gethostname
htonl
recv

wldap32

ord211
ord60
ord217
ord50
ord41
ord22
ord45
ord46
ord143
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain

advapi32

CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptImportKey
CryptEncrypt
CryptAcquireContextW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7f72652b2644b16741819f00e31a1738

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

imm32

d3dcompiler_47

xinput1_4

bcrypt

normaliz

ws2_32

wldap32

crypt32

advapi32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 33KB - Virtual size: 59KB

.pdata Size: 143KB - Virtual size: 142KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 33KB - Virtual size: 59KB

.pdata
Size: 143KB - Virtual size: 142KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB