win32_remote.pdb
General
Target: win32_remote.exe
Size: 712KB
MD5: a2ce713aad970cd198adc85aec648a7f
SHA1: 73e1608118f78f7a9df41e9d0708492f46d97838
SHA256: d003a2463d9ac06e1fca602ed0b6c389d480be189417b7bec4ccf3c84001a761
SHA512: e7089cb6544f9a5c7b2d0718f897c368b9945ded21616b7b89c9dd8fcf5c51e324e16b6db6d076a9cb09f070ad8b1d8874913a5e23c2070c6791d9008970746d
SSDEEP: 12288:ixOnWOuaqe32iGA3wHY83Mud6qBoedLRrv9qXDfxaMJ9uY/DvxcZTaX:i4ZHGAgBlrVzG/9cwX
Malware Config
Signatures
Industroyer (1 IoC)
Contains code associated with parsing Industroyer's configuration file.
resource: yara_rule sample win_industroyer_w4
Industroyer family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: win32_remote.exe
Files
win32_remote.exe.exe (windows:5 windows x86 arch:x86)
29b23ac0415e09dc9054f0364c7deafd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ole32
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32
VariantInit
SysFreeString
ws2_32
WSASetLastError
getaddrinfo
WSAStartup
getservbyname
getservbyport
WSACleanup
WSAGetLastError
freeaddrinfo
socket
shutdown
setsockopt
sendto
select
recvfrom
ntohs
listen
inet_addr
htons
htonl
getsockname
getpeername
connect
closesocket
bind
accept
inet_ntoa
gethostbyaddr
gethostbyname
crypt32
CertGetCertificateChain
CertGetNameStringA
CertVerifyTimeValidity
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertFreeCertificateChain
secur32
DecryptMessage
EncryptMessage
FreeContextBuffer
QueryCredentialsAttributesA
QueryContextAttributesA
ApplyControlToken
DeleteSecurityContext
InitializeSecurityContextA
AcquireCredentialsHandleA
user32
PostThreadMessageA
kernel32
DecodePointer
HeapFree
HeapAlloc
LCMapStringW
CompareStringW
GetCommandLineW
GetTimeZoneInformation
MoveFileExW
DeleteFileW
FindNextFileW
FindFirstFileExW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
SetEndOfFile
FileTimeToSystemTime
FlushFileBuffers
HeapReAlloc
GetFileSizeEx
GetOEMCP
FreeEnvironmentStringsW
GetCommandLineA
GetProcessHeap
SystemTimeToTzSpecificLocalTime
GetFileType
CreateDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
GetDriveTypeW
SetConsoleCtrlHandler
GetModuleHandleExW
GetStringTypeW
WriteConsoleW
FindClose
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
ReadFile
SetFilePointerEx
CloseHandle
LoadLibraryA
GetModuleHandleA
CreateFileW
SearchPathA
LocalFree
FlushInstructionCache
VirtualProtectEx
VirtualQueryEx
GetCurrentProcess
TerminateProcess
GetThreadSelectorEntry
GetLastError
SetLastError
ReadProcessMemory
WriteProcessMemory
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcess
SetEvent
WaitForSingleObject
GetSystemInfo
CreateEventA
GetLogicalDriveStringsW
GetSystemDirectoryA
GetCurrentDirectoryA
QueryDosDeviceW
OpenProcess
GetVersionExA
GetCurrentProcessId
FormatMessageA
ExitProcess
IsDebuggerPresent
Sleep
HeapSize
FormatMessageW
QueryPerformanceCounter
QueryPerformanceFrequency
GetExitCodeProcess
GetEnvironmentStringsW
CreateThread
GetCurrentThreadId
TerminateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
GetStdHandle
CreateSemaphoreA
CreateProcessW
SearchPathW
GetFullPathNameW
GetModuleFileNameW
GetFileAttributesW
MultiByteToWideChar
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
WideCharToMultiByte
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
LoadLibraryExW
RtlUnwind
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sections
.text Size: 511KB - Virtual size: 511KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ