C:\Users\10\Visual Studio 2010\Projects\Free\Release\NxCharacter.2.8.2.pdb
Behavioral task
behavioral1
Sample
5342734445.dll
Resource
win10-20240404-en
General
-
Target
Hack Cyber.zip
-
Size
44KB
-
MD5
e70319ca078da7ca2ee1fc0f26f53332
-
SHA1
829c9ae74fcabe0660f5e203b018fe0850518639
-
SHA256
d7dac6deefda6e33d741457a53fb830d3259543cc8f23b1f94e898418326f38c
-
SHA512
1528fd4c602376e047641b87ac5d52e0028cd21a8b989e9d6ceaf2a2abda61f719f3c8c04b7d82360c688a22435d6f6843e95961c4bc548b39aa54585076dbcd
-
SSDEEP
768:Vn86pRPRIxptQbzRnKHm13eX17jk4db1l8GuOpbd3jwhCMwBGzP49nx:ykRPutQbzRn3ZmDfQOx43ix
Malware Config
Signatures
-
resource yara_rule static1/unpack001/ByPass DCBlue_cite.exe upx -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/5342734445.mnth unpack001/ByPass DCBlue_cite.exe unpack002/out.upx
Files
-
Hack Cyber.zip.zip
-
5342734445.mnth.dll windows:6 windows x86 arch:x86
8816dc70378ba6a631f9ea817ae14ffb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
VirtualProtect
GetCurrentProcess
GetModuleHandleA
Sleep
CreateThread
GetLocalTime
AddVectoredExceptionHandler
GetProcAddress
FlushInstructionCache
IsBadReadPtr
GetTickCount
VirtualQuery
AcquireSRWLockExclusive
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
ReleaseSRWLockExclusive
user32
ScreenToClient
GetForegroundWindow
GetDesktopWindow
GetCursorPos
msvcp140
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
d3d9
Direct3DCreate9
vcruntime140
memset
memcpy
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
memmove
api-ms-win-crt-heap-l1-1-0
_callnewh
free
malloc
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
api-ms-win-crt-time-l1-1-0
_time64
_localtime64
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_cexit
_initterm
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_initterm_e
api-ms-win-crt-string-l1-1-0
_strdup
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ByPass DCBlue_cite.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ