36214001aad5a561e3e8e17334adb7e507f937510978302c860df84ec647be2b[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

36214001aad5a561e3e8e17334adb7e507f937510978302c860df84ec647be2b.exe
Size

2.3MB
MD5

ed7e56bb217c2448ad3b61f5bfd83e16
SHA1

92d994024ff61db1726d0ace38e6b4f22a8ef522
SHA256

36214001aad5a561e3e8e17334adb7e507f937510978302c860df84ec647be2b
SHA512

4a7aa240a034023e4453cbd4b408b977431912132a4dd058f60d39a8d13547f7cfb2cb7e0666ac4401c6a490e1cb214af7c6d9d4c95037f638c817b302f59b33
SSDEEP

49152:n1EofVNQzBWKHqP6qhw6rb1eNhuQk/FJjnDViNgi:n1EofCqhw6rb1eNhuln0gi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36214001aad5a561e3e8e17334adb7e507f937510978302c860df84ec647be2b.exe

Files

36214001aad5a561e3e8e17334adb7e507f937510978302c860df84ec647be2b.exe
.exe windows:6 windows x64 arch:x64

6488053962cbd82251db464b97b3cf51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BlackDropperCPP\BlackDropperCPP.pdb

Imports

crypt32

CertGetNameStringW
CryptQueryObject
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertCreateCertificateChainEngine
CertOpenStore

advapi32

CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptEncrypt

ws2_32

connect
getsockopt
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSAIoctl
socket
setsockopt
recv
htons
getsockname
send
getpeername
bind
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
inet_pton
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent

bcrypt

BCryptGenRandom

kernel32

WriteConsoleW
HeapSize
OutputDebugStringW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetConsoleCtrlHandler
SetEndOfFile
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
VirtualProtect
IsThreadAFiber
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileSize
ReadFile
RemoveDirectoryW
WriteFile
IsDebuggerPresent
CloseHandle
GetLastError
SetLastError
SetNamedPipeHandleState
CreateNamedPipeW
InitializeConditionVariable
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
CreateEventExW
CreateWaitableTimerExW
Sleep
WaitForMultipleObjects
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
CreateProcessA
ProcessIdToSessionId
GetProcessId
OpenProcess
GetProcessHandleCount
SetProcessPriorityBoost
GetSystemInfo
GetSystemTime
SetSystemTime
GetLogicalProcessorInformation
GetSystemTimePreciseAsFileTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
OpenJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetModuleFileNameW
GetModuleHandleW
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
SetProcessAffinityMask
QueryFullProcessImageNameW
RegisterWaitForSingleObject
FreeConsole
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
SleepEx
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
FormatMessageA
GetLocaleInfoEx
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
SleepConditionVariableSRW
GetTickCount64
GetStringTypeW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitOnceExecuteOnce
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
GetStartupInfoW
InitializeSListHead
ExitThread
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
RtlUnwind

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 1024B - Virtual size: 563B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6488053962cbd82251db464b97b3cf51

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

advapi32

ws2_32

bcrypt

kernel32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 341KB - Virtual size: 340KB

.data Size: 14KB - Virtual size: 26KB

.pdata Size: 87KB - Virtual size: 86KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.fptable Size: 1024B - Virtual size: 563B

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 341KB - Virtual size: 340KB

.data
Size: 14KB - Virtual size: 26KB

.pdata
Size: 87KB - Virtual size: 86KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.fptable
Size: 1024B - Virtual size: 563B

.reloc
Size: 13KB - Virtual size: 12KB