opium[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

opium.exe
Size

3.7MB
MD5

c1a4ef4c0dbe0edec0464192c3258c1c
SHA1

3abe52a13baad33c606f325260e6ecd54a0f375a
SHA256

82e68aada0111b6008fe28a1771037c43eaef68e447ae8b644930cb2d91e7092
SHA512

315932c1fc80024b3b1b483e0f8a69affeb589f6ff0519a190987fb6f16101b9f005d93bbea053cd43d8a0e0c1a4a64f10e11b99e22d795deeb4cb904663ebbf
SSDEEP

98304:OlF5tvjuPSDJvPErEMbCramTTM30uL1ZaFi:8F5sPSlvPYC+myL1gF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
opium.exe

Files

opium.exe
.exe windows:6 windows x64 arch:x64

6111ae1efe5d8f16981d9da13efd0706

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\levsn\Downloads\kaz life\[BETA]\nevermiss - beta -menu\FatNiggasEverywhere - Copy\santo\build\opium.pdb

Imports

ws2_32

closesocket
sendto
gethostname
ntohl
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
recvfrom

normaliz

IdnToAscii

crypt32

CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CryptQueryObject
CertFindExtension
CertGetNameStringA
CertGetCertificateChain

wldap32

ord41
ord301
ord200
ord30
ord79
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord22
ord26
ord27
ord32
ord33
ord35

winmm

PlaySoundA

kernel32

GetFileInformationByHandleEx
SetConsoleTitleA
GetStdHandle
SetCurrentConsoleFontEx
Sleep
Beep
GetConsoleWindow
VirtualFree
DeviceIoControl
VirtualAlloc
LoadLibraryExA
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetModuleFileNameA
Process32First
GetCurrentProcess
CreateFileW
CreateToolhelp32Snapshot
CreateFileA
CloseHandle
lstrcmpiA
TerminateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateThread
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
GetLocaleInfoEx
OutputDebugStringW
AreFileApisANSI
GetTickCount
GetFullPathNameW
GetTempPathW
SetFileInformationByHandle
QueryPerformanceCounter
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
Process32Next
ReleaseSRWLockExclusive

user32

LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
MonitorFromWindow
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
IsWindowUnicode
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ShowWindow
MessageBoxA
GetForegroundWindow
ScreenToClient
GetAsyncKeyState
GetCursorPos
SendInput
GetWindowRect
SetWindowLongA
TranslateMessage
GetWindowTextA
GetWindowLongA
MoveWindow
EnumWindows
SetLayeredWindowAttributes
GetWindowTextLengthA
FindWindowA
DispatchMessageA
DestroyWindow
GetSystemMetrics
SetWindowDisplayAffinity
GetMonitorInfoA
DefWindowProcA
CreateWindowExA

gdi32

CreateSolidBrush

advapi32

CryptGenRandom
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyA
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData

shell32

SHGetFolderPathW
SHGetFolderPathA
ShellExecuteA

msvcp140

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Mtx_unlock
_Mtx_lock
?_Random_device@std@@YAIXZ
_Thrd_join
_Thrd_id
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??Bid@locale@std@@QEAA_KXZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ

ntdll

RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation

dbghelp

ImageRvaToVa
ImageNtHeader
ImageDirectoryEntryToData

d3d11

D3D11CreateDeviceAndSwapChain

wininet

InternetConnectA
HttpSendRequestA
InternetReadFile
HttpOpenRequestA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
strrchr
memmove
memcpy
memcmp
memchr
_CxxThrowException
strstr
memset
strchr
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fsetpos
ftell
ungetc
_set_fmode
setvbuf
_lseeki64
fgetpos
__stdio_common_vsprintf
ferror
__stdio_common_vsscanf
__p__commode
fopen
_wfopen
__acrt_iob_func
fflush
fputs
fclose
_fseeki64
clearerr
fgetc
_read
fseek
__stdio_common_vfprintf
_pclose
_setmode
_close
_popen
_write
fputc
_get_stream_buffer_pointers
fread
feof
_lseek
fwrite
_fileno
_open
fgets

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
strerror
__sys_nerr
_invalid_parameter_noinfo
perror
_initterm_e
_resetstkoflw
system
abort
terminate
_errno
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_getpid
_exit
_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
exit

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
realloc
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

powf
acosf
atan2f
ceilf
sqrtf
sin
__setusermatherr
cos
cosf
fmod
fmodf
sinf
_dsign

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
atof
strtoll
strtod
strtol
strtoull

api-ms-win-crt-filesystem-l1-1-0

_mkdir
remove
_access
_lock_file
_stat64
_fstat64
_unlink
_unlock_file

api-ms-win-crt-string-l1-1-0

wcscpy_s
isupper
strspn
strcspn
_stricmp
strncpy
_strdup
strncmp
tolower
strpbrk
strcmp

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64
_gmtime64

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.6MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6111ae1efe5d8f16981d9da13efd0706

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

normaliz

crypt32

wldap32

winmm

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

d3d11

wininet

imm32

d3dcompiler_43

dwmapi

d3dx11_43

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 864KB - Virtual size: 864KB

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 2.6MB - Virtual size: 2.7MB

.pdata Size: 27KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 864KB - Virtual size: 864KB

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 2.6MB - Virtual size: 2.7MB

.pdata
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 2KB