denort.pdb
Static task
static1
General
Target: silverbullet.exe
Size: 92.8MB
MD5: db6fa8464c0d2346836b69a101ed5712
SHA1: 2a6964fd1e9edc6927555e1a2675cda58fa34350
SHA256: 07238aad8673ae8ec3cc7bd739474e81fef55cef7523ba3eff3f16855c622ef6
SHA512: 4c66326f4c6f5966540c8e9a5f5850fb61b9bc1305e8c0e5fbc2e55bdc10763f8e1613456774c2452e35f53d794ffdf32cb552bebce7fd15e80d9e7888b6d1cc
SSDEEP: 393216:V1ycO/LGzGs0K6G0S9o4EJjU1Z7bW88ek26rmNSWSDJh2aImJkwVAliXUxbblHaz:HQGH0lUzEG1dp8ekMMIGov8kev
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource silverbullet.exe
Files
silverbullet.exe.exe windows:6 windows x64 arch:x64
b1d69c6ce226e271dacf99bb636b0942
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressAll
WakeByAddressSingle
WaitOnAddress
kernel32
IsValidCodePage
SwitchToThread
CloseHandle
HeapReAlloc
lstrlenW
FreeEnvironmentStringsW
GetCurrentProcess
DuplicateHandle
GetConsoleScreenBufferInfo
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GlobalUnlock
SetThreadErrorMode
GetProcAddress
LoadLibraryExW
HeapFree
Sleep
FormatMessageW
CreateFileW
GetFileInformationByHandle
GetFileAttributesW
SetCurrentDirectoryW
GetStdHandle
SetConsoleCursorPosition
CreateIoCompletionPort
GetSystemInfo
OpenProcess
GetPriorityClass
SetPriorityClass
TerminateProcess
GetFileType
GetConsoleMode
WriteConsoleInputW
PeekConsoleInputW
FlushConsoleInputBuffer
GetCurrentProcessId
SetConsoleMode
WaitForMultipleObjects
GetNumberOfConsoleInputEvents
ResetEvent
CreateNamedPipeW
ConnectNamedPipe
GlobalMemoryStatusEx
GetTickCount64
CreateSemaphoreW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetDiskFreeSpaceW
FreeLibrary
SetErrorMode
LoadLibraryW
CreatePipe
WaitForSingleObject
CreateEventA
WideCharToMultiByte
SetFileTime
LockFileEx
UnlockFile
GetFileInformationByHandleEx
SetLastError
GetFullPathNameW
DeviceIoControl
FindResourceA
LoadResource
SizeofResource
LockResource
UnmapViewOfFile
VirtualProtect
CreateFileMappingW
MapViewOfFile
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
CancelIoEx
SetFileCompletionNotificationModes
WaitForSingleObjectEx
CancelIo
ReadDirectoryChangesW
ReleaseSemaphore
GetModuleHandleA
GlobalLock
GlobalSize
ReadConsoleInputW
GetConsoleCursorInfo
SetConsoleCursorInfo
WriteConsoleW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
VirtualQuery
IsThreadAFiber
ConvertThreadToFiber
CreateFiber
SwitchToFiber
DeleteFiber
ConvertFiberToThread
MultiByteToWideChar
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
GetCurrentDirectoryW
LoadLibraryA
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
SetFileInformationByHandle
FlushFileBuffers
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
ReadConsoleW
SetHandleInformation
CompareStringOrdinal
GetSystemDirectoryW
GetACP
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetExitCodeProcess
CreateEventW
ExitProcess
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
GetProcessHeap
DeleteFileW
MoveFileExW
RemoveDirectoryW
CreateSymbolicLinkW
CreateHardLinkW
CopyFileExW
SetFileAttributesW
RegisterWaitForSingleObject
UnregisterWaitEx
GetProcessId
SetConsoleCtrlHandler
RemoveVectoredExceptionHandler
SetConsoleTextAttribute
VirtualAlloc
VirtualFree
GetTickCount
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
LocalFree
HeapDestroy
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
HeapCreate
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetNativeSystemInfo
GetLocaleInfoEx
RtlUnwind
GetTempFileNameA
VerSetConditionMask
VerifyVersionInfoW
MapViewOfFileEx
IsDebuggerPresent
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockShared
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
RtlAddFunctionTable
RtlDeleteFunctionTable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue
SetUnhandledExceptionFilter
RtlCaptureStackBackTrace
GetDynamicTimeZoneInformation
GetUserGeoID
GetGeoInfoW
CreateSemaphoreA
InitializeConditionVariable
SuspendThread
GetThreadContext
ResumeThread
ResolveLocaleName
GetCurrencyFormatEx
GetNumberFormatEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
GetStringTypeW
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
GetCommandLineA
GetConsoleOutputCP
GetCPInfo
GetOEMCP
SetStdHandle
FindFirstFileExW
GetWindowsDirectoryW
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
user32
DefWindowProcA
CloseClipboard
RegisterClassExA
GetClientRect
MapVirtualKeyW
OpenClipboard
ReleaseDC
GetClipboardData
CreateWindowExA
GetDC
DestroyWindow
shell32
SHGetKnownFolderPath
gdi32
SetPixelFormat
GetPixelFormat
ChoosePixelFormat
DescribePixelFormat
ntdll
RtlGetVersion
NtReadFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtQueryInformationFile
NtQuerySystemInformation
opengl32
wglCreateContext
wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglGetCurrentContext
crypt32
CertFreeCertificateContext
CertOpenStore
CertVerifyTimeValidity
CertGetEnhancedKeyUsage
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
ole32
CoTaskMemFree
winmm
timeEndPeriod
timeBeginPeriod
timeGetTime
ws2_32
ioctlsocket
accept
shutdown
getsockopt
recv
send
WSAIoctl
sendto
WSAStartup
GetHostNameW
recvfrom
WSASocketW
WSAGetLastError
setsockopt
listen
closesocket
bind
getaddrinfo
freeaddrinfo
WSACleanup
WSASend
socket
getpeername
getsockname
WSADuplicateSocketW
connect
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SystemFunction036
RegQueryInfoKeyW
RegQueryValueExW
EventWriteTransfer
GetUserNameW
EventSetInformation
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
EventRegister
psapi
GetProcessMemoryInfo
GetPerformanceInfo
iphlpapi
GetAdaptersAddresses
bcrypt
BCryptGenRandom
d3dcompiler_47
D3DCompile
dbghelp
SymFromAddr
SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymSetOptions
SymGetLineFromAddr64
Exports
CrashForExceptionInNonABICompliantCodeRange
Sections
.text Size: 47.6MB - Virtual size: 47.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28.3MB - Virtual size: 28.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 240KB - Virtual size: 397KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 206KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.pedata Size: 14.6MB - Virtual size: 14.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ