Sentinel-bin[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Sentinel-bin.rar
Size

143KB
MD5

9b9a713368456518025a45cbf2fc4e5d
SHA1

48178697d43e52eb57968a0cee020ba2a18e9c95
SHA256

125b7a4de6c323e99ff49713b815a69733a0838c77113743cd0dfd21d7f0231c
SHA512

305c33dea9c1ba7c6677916d542ec5a04eb992802c3bdaba47ad6f39f78e99366a3d47be16c53825482e36a45876b7f063367b044cbd7dd16f7dc388a29214ec
SSDEEP

3072:iB+Y/mFdEJi+t80iv9igqq767exxkpFau2llcm3+wb/Om9gVW4+EH:a/m/EFVivPWmkmu2vVOm9gV5+c

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bin/distorm3.dll
unpack001/bin/protector.exe
unpack001/bin/sentinel.dll
unpack001/bin/sentinel.exe

Files

Sentinel-bin.rar
.rar
bin/COPYING
bin/Sentinel.exe.lnk
.lnk
bin/distorm3.dll
.dll windows:5 windows x86 arch:x86

576c621778894f599a4b966b28033d26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
Beep
GetCommandLineA
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Beep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Exports

Exports

distorm_decode32
distorm_decompose32
distorm_format32
distorm_version

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/plist.txt
bin/protector.exe
.exe windows:4 windows x86 arch:x86

030e8f4a81ebf0378d555b4da48c5f32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

imagehlp

SymGetSymFromAddr
SymInitialize
SymLoadModule

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
CreateFileA
CreateToolhelp32Snapshot
EnterCriticalSection
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
Module32First
Module32Next
MultiByteToWideChar
OpenProcess
RaiseException
ReadProcessMemory
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
WideCharToMultiByte
WriteFile
WriteProcessMemory

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/sentinel.dll
.dll windows:4 windows x86 arch:x86

7ac8fca347aef675974c2e674ac45c60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

imagehlp

SymGetSymFromAddr
SymInitialize
SymLoadModule

kernel32

CloseHandle
CreateFileA
CreateToolhelp32Snapshot
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
Module32First
Module32Next
MultiByteToWideChar
OpenThread
Process32First
Process32Next
RaiseException
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SuspendThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
WriteFile

wsock32

WSAStartup
connect
htons
ioctlsocket
recv
send
socket

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

___CPPdebugHook

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/sentinel.exe
.exe windows:4 windows x86 arch:x86

2f4e0c7e74dd968e55b9c4545a599985

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
CreateFileA
CreateProcessA
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetThreadContext
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
MultiByteToWideChar
OpenProcess
OpenThread
Process32First
Process32Next
RaiseException
ReadFile
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetThreadContext
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
WriteProcessMemory

wsock32

WSAStartup
accept
htons
ioctlsocket
listen
recv
send
socket
bind

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/user-guide.txt

Sharing

General

Malware Config

Signatures

Files

576c621778894f599a4b966b28033d26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 28KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

030e8f4a81ebf0378d555b4da48c5f32

Headers

File Characteristics

Imports

imagehlp

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 60KB

.data Size: 14KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

7ac8fca347aef675974c2e674ac45c60

Headers

File Characteristics

Imports

imagehlp

kernel32

wsock32

user32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 40KB

.data Size: 10KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

2f4e0c7e74dd968e55b9c4545a599985

Headers

File Characteristics

Imports

advapi32

kernel32

wsock32

user32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 28KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 57KB - Virtual size: 60KB

.data
Size: 14KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 40KB

.data
Size: 10KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.text
Size: 49KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB