AsteroidPC[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AsteroidPC.dll
Size

5.1MB
MD5

63d8a9b983f68d00cbef0e45fd4c2d2a
SHA1

ca4e20967eee1b5bff3d9487372021af585b9572
SHA256

5016ab836909631fc579a4b5f52e0a1de98329e5fe32a2b6bbfd70aef3b46b97
SHA512

b6b5bfc9279836e5514962a76bebffd0405abf35fa6fd50a4937ca5d3f0423f52abe2d8e33c497dae178f5ecd4b654efdea0bd2b4ed6ac87979cbbf4adab6793
SSDEEP

98304:Dd+tUzcyHQT/wAZbbU8gfr9ztOfq3qq1wM:J8UvHQLwG3U8gfr9ztOfYqm

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AsteroidPC.dll

Files

AsteroidPC.dll
.dll windows:6 windows x64 arch:x64

d9916af0bdc8ee3cad6aab346e822b3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetACP
RtlVirtualUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
GetSystemTimeAsFileTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
SetLastError
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetFileAttributesExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
ResumeThread
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateThread
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetEnvironmentVariableW
MultiByteToWideChar
GetLastError
WriteFile
GetFileType
AllocConsole
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
PeekNamedPipe
WideCharToMultiByte
ExitProcess
WriteConsoleW
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
WakeAllConditionVariable
GetCPInfo
RtlUnwind
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
SleepConditionVariableSRW
DisableThreadLibraryCalls
SuspendThread
GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
VirtualProtect
HeapCreate
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetConsoleMode
OpenProcess
SetConsoleMode
WriteConsoleA
GetStdHandle
SetConsoleTitleA
OpenThread
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetCurrentProcessId
GetThreadContext
HeapAlloc
CloseHandle
HeapReAlloc
Sleep
GetTimeFormatW
CreateToolhelp32Snapshot
GlobalUnlock
GlobalLock
GlobalFree
OutputDebugStringW
GlobalAlloc

user32

OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId
GetSystemMetrics
GetAsyncKeyState
CallWindowProcA
GetWindowTextA
MessageBoxA
MessageBoxW
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow
ShowCursor
FindWindowA
SetWindowLongPtrA
ClipCursor
GetCursorPos

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

bcrypt

BCryptGenRandom

normaliz

IdnToAscii
IdnToUnicode

ws2_32

ioctlsocket
getsockname
getsockopt
ntohs
select
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
htons
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
send
accept
bind
closesocket
connect
listen
setsockopt
socket
shutdown
getpeername
recvfrom
sendto
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
__WSAFDIsSet
getaddrinfo
freeaddrinfo
gethostname
htonl
recv

wldap32

ord211
ord60
ord217
ord50
ord41
ord22
ord45
ord46
ord143
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain

advapi32

CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptImportKey
CryptEncrypt
CryptAcquireContextW

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9916af0bdc8ee3cad6aab346e822b3f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

imm32

d3dcompiler_47

xinput1_4

bcrypt

normaliz

ws2_32

wldap32

crypt32

advapi32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 33KB - Virtual size: 59KB

.pdata Size: 144KB - Virtual size: 144KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 33KB - Virtual size: 59KB

.pdata
Size: 144KB - Virtual size: 144KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB