b285f384db3a057c10eae7a70f77a07c8a12f73ce0c4ec4be087fa3d1e9208da[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b285f384db3a057c10eae7a70f77a07c8a12f73ce0c4ec4be087fa3d1e9208da.exe
Size

2.2MB
MD5

197b010bbd09d141ac66c6e322909380
SHA1

0c278ab412aba7308482c413b57ad6bbfc70a4cd
SHA256

b285f384db3a057c10eae7a70f77a07c8a12f73ce0c4ec4be087fa3d1e9208da
SHA512

89279c38c591df4c90a1205f165403bba3f228008d8e5e58a06dde88d317e89e7b1857d4e0ab8b7719013bf16fd0571e1dfcafb28d921a4f293418a3d587629e
SSDEEP

49152:5NvfiYvDKZsTqlzm9D1AzASvgYpBpRabZx:bfmlzm9D1AzASvgER

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b285f384db3a057c10eae7a70f77a07c8a12f73ce0c4ec4be087fa3d1e9208da.exe

Files

b285f384db3a057c10eae7a70f77a07c8a12f73ce0c4ec4be087fa3d1e9208da.exe
.exe windows:6 windows x64 arch:x64

c6cdd3b88fe384f3d4b1f5f1ea235271

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Auxiliary\Build\BlackDropperCPP.pdb

Imports

crypt32

CertGetNameStringW
CryptQueryObject
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertCreateCertificateChainEngine
CertOpenStore

advapi32

CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptEncrypt

ws2_32

connect
getsockopt
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSAIoctl
socket
setsockopt
recv
htons
getsockname
send
getpeername
bind
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
inet_pton
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent

bcrypt

BCryptGenRandom

kernel32

WriteConsoleW
HeapSize
DeleteFileW
OutputDebugStringW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetConsoleCtrlHandler
SetEndOfFile
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
VirtualProtect
IsThreadAFiber
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetCurrentThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
WriteFile
GetFileAttributesW
IsDebuggerPresent
CloseHandle
GetLastError
CreateProcessA
FreeConsole
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetLastError
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
SleepEx
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
LocalFree
FormatMessageA
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
SleepConditionVariableSRW
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
GetModuleFileNameW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetFilePointerEx
ExitProcess
RtlUnwind

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 1024B - Virtual size: 563B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6cdd3b88fe384f3d4b1f5f1ea235271

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

advapi32

ws2_32

bcrypt

kernel32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 327KB - Virtual size: 327KB

.data Size: 14KB - Virtual size: 25KB

.pdata Size: 83KB - Virtual size: 82KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.fptable Size: 1024B - Virtual size: 563B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 327KB - Virtual size: 327KB

.data
Size: 14KB - Virtual size: 25KB

.pdata
Size: 83KB - Virtual size: 82KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.fptable
Size: 1024B - Virtual size: 563B

.reloc
Size: 12KB - Virtual size: 12KB