PDB path: feroxbuster.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b358ebc76f416e0d61cab2dcd213418ed04e9fbd739dbb4542b5575a7b83b7ce.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b358ebc76f416e0d61cab2dcd213418ed04e9fbd739dbb4542b5575a7b83b7ce.exe
Resource
win10v2004-20240802-en
General
-
Target
b358ebc76f416e0d61cab2dcd213418ed04e9fbd739dbb4542b5575a7b83b7ce
-
Size
5.8MB
-
MD5
df98cb817d1b622225c58dbbfffb2278
-
SHA1
bb4089703479e22cd55667d8a10ebe461746e42a
-
SHA256
b358ebc76f416e0d61cab2dcd213418ed04e9fbd739dbb4542b5575a7b83b7ce
-
SHA512
46782472cbc39b0867260f78139a99dd108013ea9b2e48379b0f18616475bb9a8e536a2be875dfdecb76cd6f67606111e080c06b3be6c6ea764ebd67de3a8a36
-
SSDEEP
98304:sf1zgMsByy8kqq/+gmlYTdfC6xet7GIXHY2q:1ByyIY+hWQ1G/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
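Checks for missing Authenticode signature: the sample is not Authenticode-signed, so its publisher and integrity cannot be confirmed from a signature. Unsigned binaries are common among legitimate builds, so treat this as context rather than a verdict, and compare the hashes listed under General against a trusted release instead.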
resource b358ebc76f416e0d61cab2dcd213418ed04e9fbd739dbb4542b5575a7b83b7ce
Files
-
b358ebc76f416e0d61cab2dcd213418ed04e9fbd739dbb4542b5575a7b83b7ce.exe windows:6 windows x64 arch:x64
3998a77071307584109da84021e58139
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
PDB Paths
Imports
api-ms-win-core-synch-l1-2-0
WakeByAddressAll
WaitOnAddress
WakeByAddressSingle
bcryptprimitives
ProcessPrng
kernel32
ReadFileEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetProcAddress
GetModuleHandleA
Sleep
GetCurrentThread
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SleepEx
SetFileTime
GetSystemTimePreciseAsFileTime
CloseHandle
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
LocalFree
CreateSemaphoreA
QueryPerformanceFrequency
lstrlenW
WaitForSingleObject
GetModuleFileNameW
GetCommandLineW
GetCurrentThreadId
DeleteFileW
CreateProcessA
ExitProcess
GetCurrentProcess
DuplicateHandle
SetFilePointerEx
ReleaseSemaphore
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
WideCharToMultiByte
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
GetTempPathW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
FindFirstFileW
FindClose
ReadConsoleW
CreateFileW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
WriteFileEx
HeapAlloc
GetProcessHeap
MoveFileExW
CreateSymbolicLinkW
CreateHardLinkW
CopyFileExW
GetFileType
SetEnvironmentVariableW
SetHandleInformation
SetFileAttributesW
UnhandledExceptionFilter
WaitForMultipleObjects
ReadConsoleInputW
GetSystemInfo
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
LoadLibraryExA
FillConsoleOutputAttribute
PostQueuedCompletionStatus
FillConsoleOutputCharacterA
QueryPerformanceCounter
GetFileInformationByHandleEx
GetConsoleScreenBufferInfo
GetLastError
SwitchToThread
SetConsoleTextAttribute
HeapFree
SetConsoleMode
GetConsoleMode
GetStdHandle
HeapReAlloc
IsProcessorFeaturePresent
crypt32
CryptStringToBinaryA
CertSetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDuplicateStore
CryptDecodeObjectEx
CertDuplicateCertificateContext
CertCreateCertificateContext
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
ntdll
RtlNtStatusToDosError
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile
NtReadFile
user32
ToUnicodeEx
GetWindowThreadProcessId
GetKeyboardLayout
GetForegroundWindow
shell32
SHGetKnownFolderPath
CommandLineToArgvW
ole32
CoTaskMemFree
ws2_32
WSASocketW
setsockopt
WSACleanup
getaddrinfo
WSAIoctl
closesocket
send
WSASend
bind
getsockname
WSAGetLastError
getpeername
getsockopt
connect
recv
socket
freeaddrinfo
ioctlsocket
WSAStartup
shutdown
advapi32
RegCloseKey
RegOpenKeyExW
CryptAcquireContextW
SystemFunction036
CryptImportKey
CryptReleaseContext
RegQueryValueExW
CryptDestroyKey
secur32
EncryptMessage
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
DecryptMessage
AcquireCredentialsHandleA
QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
ApplyControlToken
bcrypt
BCryptGenRandom
oleaut32
SysStringLen
SysFreeString
vcruntime140
memmove
__current_exception_context
__current_exception
__CxxFrameHandler3
memcmp
memcpy
memset
__C_specific_handler
api-ms-win-crt-math-l1-1-0
round
ceil
trunc
truncf
log10f
pow
__setusermatherr
api-ms-win-crt-convert-l1-1-0
_wtoi64
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_register_onexit_function
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_cexit
_get_initial_narrow_environment
__p___argv
_initialize_narrow_environment
_initterm_e
exit
terminate
_exit
__p___argc
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ