darkvision | STUB[.]EXE

Sharing

Copy URL

Twitter E-mail

General

Target

STUB.EXE
Size

392KB
MD5

50719aa63a1675c0603d9631fcc29304
SHA1

1c71c81f8f58372ac6ee0ed6dbda3af8052212d0
SHA256

f1ab614948bc4f083c360d00c8bb928d87d272d0821ae2c9f6428f8851e16c85
SHA512

ee8bcd30f6565a3b9e8191db515a19c93ca37ba37812bb1fbf68ce7351b12bda25dd506f139dba3235aca8fea822e29fca81cae5e9fea7ea0c2ae38ba8702e67
SSDEEP

6144:JhhJDFgX3Er8PTAE/3JR5X1q/PjWlsv4JbGN2n24peFpm:ThlFgX3EruRbqils6MoDqA

Score

10^/10

darkvision

Malware Config

Signatures

Darkvision family
darkvision

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
STUB.EXE

Files

STUB.EXE
.exe windows:5 windows x64 arch:x64

9f92dbcd19461bb5732666a7e6decc6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalAlloc
LoadLibraryW
TerminateProcess
GetCurrentProcess
SetEvent
OpenEventW
CreateFileW
DeleteFileW
CreateProcessW
WriteFile
lstrlenA
lstrcpyW
CopyFileW
SystemTimeToFileTime
GetLocalTime
ReleaseMutex
CreateDirectoryW
lstrlenW
VirtualFreeEx
SetThreadContext
GetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
lstrcpyA
GetProcAddress
GetModuleHandleW
CreateThread
lstrcmpA
VirtualFree
ResetEvent
ReadFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
OpenProcess
GetNativeSystemInfo
GetModuleHandleA
VirtualProtect
VirtualAlloc
LoadLibraryA
GetTickCount64
GetComputerNameExW
GetModuleFileNameW
GetTickCount
FlushFileBuffers
HeapReAlloc
LCMapStringW
WriteConsoleW
SetStdHandle
HeapSize
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapAlloc
GetStringTypeW
HeapFree
FlsAlloc
LocalFree
ExitProcess
OpenMutexW
CloseHandle
CreateMutexW
GetLastError
CreateEventW
GetTempPathW
lstrcmpiW
GetCommandLineW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForSingleObject
ResumeThread
Sleep
GetUserGeoID
WaitForMultipleObjects
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
FlsGetValue
EncodePointer
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
GetStartupInfoW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException

ws2_32

WSAStartup
closesocket
shutdown
setsockopt
WSACleanup
recv
gethostname
socket
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send

shlwapi

StrStrIW
StrCmpNIA
wnsprintfW

user32

MessageBoxW
wsprintfW
DestroyWindow
wsprintfA
LoadImageW
GetCursorPos
SetForegroundWindow
CreatePopupMenu
AppendMenuW
PostMessageW
DestroyMenu
DefWindowProcW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
TrackPopupMenu

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
CheckTokenMembership
FreeSid
RegSetValueExW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW

ole32

CoInitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoUninitialize

shell32

Shell_NotifyIconW
SHGetKnownFolderPath
ord680
SHFileOperationW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f92dbcd19461bb5732666a7e6decc6a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

shlwapi

user32

advapi32

ole32

shell32

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 77KB - Virtual size: 87KB

.pdata Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 137KB - Virtual size: 136KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 77KB - Virtual size: 87KB

.pdata
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 137KB - Virtual size: 136KB

.reloc
Size: 2KB - Virtual size: 1KB