obfuscate[.]exe

Resubmissions

13/10/2024, 02:02

241013-cgmv3atdme 3

13/10/2024, 02:02

241013-cgdbmatdma 3

Sharing

Copy URL

Twitter E-mail

General

Target

obfuscate.exe
Size

6.2MB
MD5

a548af06030b3bc593bb2eaf8f2b9b84
SHA1

e8614ab0506c00ab82cd5ff6a66dae12c56a902f
SHA256

fa992e9371ef58ec4780a2369944f91fd1f71213a48b8a085034996c1d12530a
SHA512

167aafb46488d9c4b3136c1de421a2d0b7efd10b31ff206c770b56c9776f0a04707d22ea38e958df02ba5f218cd836e0618998a73ab59139d17edddd6c2eeede
SSDEEP

49152:nhipm9hQRrwqMqF9N+Rjq10uEolXPpDSZOg1ETM4GBFFl:orgqu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
obfuscate.exe

Files

obfuscate.exe
.exe windows:6 windows x64 arch:x64

950e63cdedb91275c4d425a95af8444b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Admin\Desktop\P2C Projects\Secure Loader\obfuscate\x64\Release\obfuscate.pdb

Imports

ws2_32

WSAGetLastError
recv
send
htonl
connect
socket
inet_addr
WSAStartup
ntohl
htons
closesocket

asmjit

??1JitRuntime@_abi_1_13@asmjit@@UEAA@XZ
??0JitRuntime@_abi_1_13@asmjit@@QEAA@PEBUCreateParams@JitAllocator@12@@Z
??1Assembler@x86@_abi_1_13@asmjit@@UEAA@XZ
??0Assembler@x86@_abi_1_13@asmjit@@QEAA@PEAVCodeHolder@23@@Z
?init@CodeHolder@_abi_1_13@asmjit@@QEAAIAEBVEnvironment@23@_K@Z
??1CodeHolder@_abi_1_13@asmjit@@QEAA@XZ
??0CodeHolder@_abi_1_13@asmjit@@QEAA@PEBUTemporary@Support@12@@Z
?_emitI@BaseEmitter@_abi_1_13@asmjit@@QEAAIIAEBUOperand_@23@@Z
?_emitI@BaseEmitter@_abi_1_13@asmjit@@QEAAIIAEBUOperand_@23@0@Z
?codeSize@CodeHolder@_abi_1_13@asmjit@@QEBA_KXZ

kernel32

FindFirstFileExW
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
SetConsoleTextAttribute
GetStdHandle
WriteConsoleW
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
VirtualFree
VirtualAlloc
MultiByteToWideChar
WideCharToMultiByte
VirtualProtect
HeapFree
GetCurrentProcess
FindNextFileW
HeapSize
GetLastError
LoadLibraryA
HeapReAlloc
CloseHandle
K32GetModuleInformation
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FindClose
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
SetEndOfFile
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
SleepConditionVariableSRW
Sleep
EncodePointer
RtlUnwind
GetModuleHandleW
LCMapStringEx
WakeAllConditionVariable
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
RaiseException
RtlUnwindEx
RtlPcToFileHeader
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetStdHandle
GetFileType
GetSystemInfo
VirtualQuery
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ReadFile
ExitProcess
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
ConvertSidToStringSidA
CopySid
IsValidSid
OpenProcessToken
GetLengthSid
GetTokenInformation

userenv

UnloadUserProfile

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

950e63cdedb91275c4d425a95af8444b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

asmjit

kernel32

advapi32

userenv

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 1.5MB - Virtual size: 1.6MB

.pdata Size: 47KB - Virtual size: 46KB

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 157KB - Virtual size: 157KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 1.5MB - Virtual size: 1.6MB

.pdata
Size: 47KB - Virtual size: 46KB

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 157KB - Virtual size: 157KB