fabookie | ca0aef7482908df28ea75b42f8b26236aecfcc5b37421fdc0d309cee15500506

Sharing

Copy URL

Twitter E-mail

General

Target

ca0aef7482908df28ea75b42f8b26236aecfcc5b37421fdc0d309cee15500506
Size

6.8MB
MD5

b96ce989c772a073b1bcc341a37787e3
SHA1

2c66915d1384818a982eacb364acb5e86c2a66fc
SHA256

ca0aef7482908df28ea75b42f8b26236aecfcc5b37421fdc0d309cee15500506
SHA512

d7094d7a93019235ec6fb193bb0df27063f761f11b6eb0ba38cf69c43db435e6355370106d3c2a87ac566ca4ebcd07ae68e1845047280995f7d35d2d1d430ff5
SSDEEP

196608:t86NetLpl2zCh3a3Dlrn7LKzwRfh1ZscQAedF1cHISas:O6NejMzChaDlrn7Lkkic0dF1Jc

Score

10^/10

fabookie privateloader risepro

Malware Config

Signatures

Detect Fabookie payload 1 IoCs

resource	yara_rule
static1/unpack001/arnatic_4.exe	family_fabookie

Fabookie family
fabookie
Privateloader family
privateloader
Risepro family
risepro

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/arnatic_2.exe
unpack001/arnatic_3.exe
unpack001/arnatic_4.exe
unpack001/arnatic_5.exe
unpack001/arnatic_6.exe
unpack001/arnatic_7.exe
unpack001/null.exe

Files

ca0aef7482908df28ea75b42f8b26236aecfcc5b37421fdc0d309cee15500506
.zip
app.exe
.exe windows:5 windows x86 arch:x86

e621a9dda4bab203878bb79570221dd7

Code Sign

3c:88:3a:8f:39:21:e9:ef:f8:96:64:67:20:4f:21:a4
Certificate

Issuer

POSTALCODE=10051

Not Before

19-06-2021 20:49

Not After

19-06-2022 20:49

Subject

POSTALCODE=10051

64:7a:49:a9:0e:6c:68:29:3e:43:25:57:bd:cb:cf:5a:1c:90:d0:07:82:e6:45:bd:46:ae:5e:0f:b7:5d:36:78
Signer

Actual PE Digest

64:7a:49:a9:0e:6c:68:29:3e:43:25:57:bd:cb:cf:5a:1c:90:d0:07:82:e6:45:bd:46:ae:5e:0f:b7:5d:36:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\puhovumevaga yilih zoyurukelid\zex70\yifilubava\resusedaf\za.pdb

Imports

kernel32

GetCommandLineW
EnumResourceNamesW
SetVolumeLabelA
SearchPathW
FindFirstFileW
TlsGetValue
SetLocalTime
GetDriveTypeW
GetNumberOfConsoleInputEvents
CallNamedPipeA
InterlockedIncrement
InterlockedDecrement
InitializeSListHead
GetProfileSectionA
SetComputerNameW
GetComputerNameW
CreateDirectoryExA
GetModuleHandleW
GenerateConsoleCtrlEvent
GetConsoleAliasesLengthA
GetPrivateProfileStringW
GetConsoleTitleA
GetWindowsDirectoryA
GetSystemWow64DirectoryA
EnumResourceTypesA
FindResourceExA
GlobalAlloc
AddRefActCtx
GetVolumeInformationA
Sleep
ReadFileScatter
GetConsoleWindow
GetSystemTimeAdjustment
GetVersionExW
GlobalFlags
GetBinaryTypeA
TerminateProcess
GetAtomNameW
IsDBCSLeadByte
ReadFile
CompareStringW
lstrlenW
SetConsoleTitleA
GlobalUnlock
LCMapStringA
VerifyVersionInfoW
CreateDirectoryA
InterlockedExchange
GetFileSizeEx
GetProcAddress
FreeUserPhysicalPages
OpenWaitableTimerA
LoadLibraryA
Process32FirstW
OpenMutexA
SetCalendarInfoW
IsSystemResumeAutomatic
SetConsoleOutputCP
AddAtomW
SetFileApisToANSI
WriteProfileSectionW
GetCommMask
GetTapeParameters
GetSystemInfo
GetOEMCP
SetConsoleCursorInfo
CreateIoCompletionPort
FreeEnvironmentStringsW
FindNextFileW
BuildCommDCBA
GetCurrentDirectoryA
CompareStringA
ScrollConsoleScreenBufferA
CopyFileExA
DeleteFileA
GetLastError
MoveFileA
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
LoadLibraryW
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
FlushFileBuffers
GetModuleHandleA

user32

GetMenuCheckMarkDimensions
GetMenuInfo
GetComboBoxInfo
GetMenuBarInfo

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arnatic_2.exe
.exe windows:5 windows x86 arch:x86

621d175e940c3f2ca7217a398b3c22a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\felunawocovus\seruboviy_rehi.pdb

Imports

kernel32

EnumResourceNamesW
SearchPathW
FindFirstFileW
TlsGetValue
SetLocalTime
GetDriveTypeW
GetNumberOfConsoleInputEvents
FindResourceExW
CallNamedPipeA
InterlockedIncrement
InitializeSListHead
GlobalLock
SetComputerNameW
GetComputerNameW
GetCommProperties
FreeEnvironmentStringsA
SetTapeParameters
GetModuleHandleW
GenerateConsoleCtrlEvent
GetConsoleAliasesLengthA
GetPrivateProfileStringW
GetConsoleTitleA
GetCommandLineA
GetSystemWow64DirectoryA
CreateDirectoryExW
InitializeCriticalSection
GlobalAlloc
AddRefActCtx
GetVolumeInformationA
Sleep
ReadFileScatter
GetSystemWindowsDirectoryA
GetSystemTimeAdjustment
GetVersionExW
GlobalFlags
GetBinaryTypeA
TerminateProcess
IsDBCSLeadByte
ReadFile
CompareStringW
lstrlenW
SetConsoleTitleA
LCMapStringA
VerifyVersionInfoW
CreateDirectoryA
InterlockedExchange
GetFileSizeEx
GetCurrentDirectoryW
GetProcAddress
SetVolumeLabelW
WriteProfileSectionA
FreeUserPhysicalPages
BuildCommDCBW
OpenWaitableTimerA
LoadLibraryA
Process32FirstW
OpenMutexA
SetConsoleOutputCP
AddAtomW
SetFileApisToANSI
FindAtomA
GetTapeParameters
GetSystemInfo
EnumResourceTypesW
CreateIoCompletionPort
FreeEnvironmentStringsW
FindNextFileW
RequestWakeupLatency
GetConsoleCursorInfo
ScrollConsoleScreenBufferA
SetCalendarInfoA
GetWindowsDirectoryW
GetProfileSectionW
CopyFileExA
DeleteFileA
FlushFileBuffers
GetLastError
MoveFileA
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetModuleFileNameW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedDecrement
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
LoadLibraryW
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
GetModuleHandleA

user32

GetMenuCheckMarkDimensions
GetMenuInfo
GetMenuBarInfo

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arnatic_3.exe
.exe windows:5 windows x86 arch:x86

a044253673528dd98a9dd008f2a6b058

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
CreateFileW

user32

wsprintfW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arnatic_4.exe
.exe windows:6 windows x86 arch:x86

bf5334edf7817996f04e881057327d72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\workspace_c\GjOGoOIgHJEwh52iJ_20\Release\GjOGoOIgHJEwh52iJ_20.pdb

Imports

kernel32

LocalFree
SizeofResource
GetLastError
LockResource
LoadResource
FindResourceW
WinExec
WriteConsoleW
FormatMessageW
Sleep
GetTempPathA
lstrlenW
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapReAlloc
HeapFree
HeapAlloc
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
DeleteFileW
ReadFile
ReadConsoleW
SetEndOfFile

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetCredentials
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arnatic_5.exe
.exe windows:6 windows x86 arch:x86

146d9834dca937c5740063d6c887d411

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FindClose
lstrcatA
GetModuleHandleA
GlobalAlloc
lstrcpyA
VerSetConditionMask
GetModuleHandleW
WideCharToMultiByte
VerifyVersionInfoW
GetSystemTimeAsFileTime
IsWow64Process
GetComputerNameA
GetProcAddress
HeapFree
lstrlenA
LoadLibraryA
HeapAlloc
lstrcpynA
GetProcessHeap
GetLastError
CreateFileW
InitializeSListHead
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
SetLastError
MultiByteToWideChar
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetCPInfo
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCurrentThread
GetThreadTimes
RtlUnwind
InterlockedPushEntrySList
RaiseException
FreeLibrary
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
SetEnvironmentVariableW
GetStdHandle
GetModuleFileNameW
WriteConsoleW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
HeapReAlloc
OutputDebugStringW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteFile
AreFileApisANSI
ReadFile
SetEvent
ResetEvent
WaitForSingleObjectEx

user32

CharToOemA
CharNextA

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
ConvertSidToStringSidA
LookupAccountNameA

Sections

.text
Size: 586KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arnatic_6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arnatic_7.exe
.exe windows:5 windows x86 arch:x86

621d175e940c3f2ca7217a398b3c22a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dijoha\zavur\luj88\bopuvo.pdb

Imports

kernel32

EnumResourceNamesW
SearchPathW
FindFirstFileW
TlsGetValue
SetLocalTime
GetDriveTypeW
GetNumberOfConsoleInputEvents
FindResourceExW
CallNamedPipeA
InterlockedIncrement
InitializeSListHead
GlobalLock
SetComputerNameW
GetComputerNameW
GetCommProperties
FreeEnvironmentStringsA
SetTapeParameters
GetModuleHandleW
GenerateConsoleCtrlEvent
GetConsoleAliasesLengthA
GetPrivateProfileStringW
GetConsoleTitleA
GetCommandLineA
GetSystemWow64DirectoryA
CreateDirectoryExW
InitializeCriticalSection
GlobalAlloc
AddRefActCtx
GetVolumeInformationA
Sleep
ReadFileScatter
GetSystemWindowsDirectoryA
GetSystemTimeAdjustment
GetVersionExW
GlobalFlags
GetBinaryTypeA
TerminateProcess
IsDBCSLeadByte
ReadFile
CompareStringW
lstrlenW
SetConsoleTitleA
LCMapStringA
VerifyVersionInfoW
CreateDirectoryA
InterlockedExchange
GetFileSizeEx
GetCurrentDirectoryW
GetProcAddress
SetVolumeLabelW
WriteProfileSectionA
FreeUserPhysicalPages
BuildCommDCBW
OpenWaitableTimerA
LoadLibraryA
Process32FirstW
OpenMutexA
SetConsoleOutputCP
AddAtomW
SetFileApisToANSI
FindAtomA
GetTapeParameters
GetSystemInfo
EnumResourceTypesW
CreateIoCompletionPort
FreeEnvironmentStringsW
FindNextFileW
RequestWakeupLatency
GetConsoleCursorInfo
ScrollConsoleScreenBufferA
SetCalendarInfoA
GetWindowsDirectoryW
GetProfileSectionW
CopyFileExA
DeleteFileA
FlushFileBuffers
GetLastError
MoveFileA
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetModuleFileNameW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedDecrement
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
LoadLibraryW
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
GetModuleHandleA

user32

GetMenuCheckMarkDimensions
GetMenuInfo
GetMenuBarInfo

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
null.exe
.exe windows:5 windows x86 arch:x86

b3ec78e0ed5d1ea193492a20f9c8dca9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wasa.pdb

Imports

kernel32

GetComputerNameA
EnumResourceNamesW
SearchPathW
CopyFileExW
GetDriveTypeW
SetEndOfFile
GetNumberOfConsoleInputEvents
FindResourceExW
MapUserPhysicalPages
LoadResource
InterlockedIncrement
ScrollConsoleScreenBufferW
CreateDirectoryW
GlobalLock
WriteConsoleInputA
GetCommProperties
FreeEnvironmentStringsA
SetTapeParameters
GetModuleHandleW
CreateNamedPipeW
LocalFlags
GetConsoleAliasesLengthA
GetPrivateProfileStringW
GetWindowsDirectoryA
WriteFile
SetCommState
GetCommandLineA
GetSystemWow64DirectoryA
CreateDirectoryExW
SetProcessPriorityBoost
InitializeCriticalSection
TlsSetValue
GlobalAlloc
LoadLibraryW
GetCalendarInfoA
ReadFileScatter
SetSystemTimeAdjustment
GetSystemWindowsDirectoryA
TerminateProcess
IsDBCSLeadByte
GetBinaryTypeW
GetOverlappedResult
CompareStringW
lstrlenW
GetConsoleOutputCP
VerifyVersionInfoW
InterlockedExchange
ReleaseActCtx
GetFileSizeEx
SetThreadLocale
FindFirstFileA
OpenMutexW
GetCurrentDirectoryW
GetProcAddress
SetVolumeLabelW
WriteProfileSectionA
SetComputerNameA
BuildCommDCBW
GetLocalTime
Process32FirstW
OpenMutexA
OpenWaitableTimerW
SetConsoleCtrlHandler
AddAtomA
FindAtomA
GetSystemInfo
EnumResourceTypesW
CreateIoCompletionPort
SetConsoleTitleW
FindNextFileW
GetConsoleTitleW
RequestWakeupLatency
GetConsoleCursorInfo
GetVersionExA
InterlockedPushEntrySList
GetProfileSectionW
LCMapStringW
AreFileApisANSI
DeleteFileA
GetVolumeInformationW
GetModuleHandleA
FlushFileBuffers
GetStartupInfoA
HeapValidate
IsBadReadPtr
RaiseException
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
InterlockedDecrement
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsFree
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryA
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
CreateFileA
CloseHandle

user32

GetMenuInfo
GetMessageTime
GetMenuCheckMarkDimensions

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e621a9dda4bab203878bb79570221dd7

Code Sign

3c:88:3a:8f:39:21:e9:ef:f8:96:64:67:20:4f:21:a4Certificate

64:7a:49:a9:0e:6c:68:29:3e:43:25:57:bd:cb:cf:5a:1c:90:d0:07:82:e6:45:bd:46:ae:5e:0f:b7:5d:36:78Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 4.6MB

.rsrc Size: 34KB - Virtual size: 162KB

.reloc Size: 37KB - Virtual size: 37KB

621d175e940c3f2ca7217a398b3c22a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 201KB - Virtual size: 201KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 4.6MB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 26KB - Virtual size: 26KB

a044253673528dd98a9dd008f2a6b058

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 220B

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

bf5334edf7817996f04e881057327d72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

winhttp

Sections

.text Size: 391KB - Virtual size: 390KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 454KB - Virtual size: 453KB

.reloc Size: 19KB - Virtual size: 19KB

146d9834dca937c5740063d6c887d411

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 586KB - Virtual size: 585KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 18KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 30KB - Virtual size: 30KB

3c:88:3a:8f:39:21:e9:ef:f8:96:64:67:20:4f:21:a4
Certificate

64:7a:49:a9:0e:6c:68:29:3e:43:25:57:bd:cb:cf:5a:1c:90:d0:07:82:e6:45:bd:46:ae:5e:0f:b7:5d:36:78
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 34KB - Virtual size: 162KB

.reloc
Size: 37KB - Virtual size: 37KB

.text
Size: 201KB - Virtual size: 201KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 26KB - Virtual size: 26KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 220B

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 391KB - Virtual size: 390KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 454KB - Virtual size: 453KB

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 586KB - Virtual size: 585KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 18KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 384KB - Virtual size: 383KB

.rsrc
Size: 1024B - Virtual size: 680B

.reloc
Size: 1024B - Virtual size: 12B

.text
Size: 275KB - Virtual size: 275KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: 295KB - Virtual size: 295KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 27KB - Virtual size: 26KB