darkvision | STUB[.]EXE

Sharing

Copy URL

Twitter E-mail

General

Target

STUB.EXE
Size

276KB
MD5

31b8cb9b5e6856908ab3d5d138f6a7b0
SHA1

bad93dd87c7863a95e1ae79135bd9f8f78228f13
SHA256

5159d8e2d07c08e4280c303b1a74c93efb3129348e381c3bb0656f6abaf2d3b1
SHA512

fd30b645368ff6f91c875db93c788e6dd7453d19f04dd7d8bffb12ddcee8d587dacea7aefda4e2638ff8161ad3deca3b0e6997ca3e2bb98318f070e163fcd1ec
SSDEEP

3072:rrDyh1bdjkWxF/1PVg88WRhgEr1yNhT2xE/3MW7o4+W95nB35Epr1R:uhhJDFgX3Er8PTAE/3JR5Za

Score

10^/10

darkvision

Malware Config

Signatures

Darkvision family
darkvision

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
STUB.EXE

Files

STUB.EXE
.exe windows:5 windows x64 arch:x64

9f92dbcd19461bb5732666a7e6decc6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalAlloc
LoadLibraryW
TerminateProcess
GetCurrentProcess
SetEvent
OpenEventW
CreateFileW
DeleteFileW
CreateProcessW
WriteFile
lstrlenA
lstrcpyW
CopyFileW
SystemTimeToFileTime
GetLocalTime
ReleaseMutex
CreateDirectoryW
lstrlenW
VirtualFreeEx
SetThreadContext
GetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
lstrcpyA
GetProcAddress
GetModuleHandleW
CreateThread
lstrcmpA
VirtualFree
ResetEvent
ReadFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
OpenProcess
GetNativeSystemInfo
GetModuleHandleA
VirtualProtect
VirtualAlloc
LoadLibraryA
GetTickCount64
GetComputerNameExW
GetModuleFileNameW
GetTickCount
FlushFileBuffers
HeapReAlloc
LCMapStringW
WriteConsoleW
SetStdHandle
HeapSize
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapAlloc
GetStringTypeW
HeapFree
FlsAlloc
LocalFree
ExitProcess
OpenMutexW
CloseHandle
CreateMutexW
GetLastError
CreateEventW
GetTempPathW
lstrcmpiW
GetCommandLineW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForSingleObject
ResumeThread
Sleep
GetUserGeoID
WaitForMultipleObjects
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
FlsGetValue
EncodePointer
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
GetStartupInfoW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException

ws2_32

WSAStartup
closesocket
shutdown
setsockopt
WSACleanup
recv
gethostname
socket
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send

shlwapi

StrStrIW
StrCmpNIA
wnsprintfW

user32

MessageBoxW
wsprintfW
DestroyWindow
wsprintfA
LoadImageW
GetCursorPos
SetForegroundWindow
CreatePopupMenu
AppendMenuW
PostMessageW
DestroyMenu
DefWindowProcW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
TrackPopupMenu

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
CheckTokenMembership
FreeSid
RegSetValueExW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW

ole32

CoInitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoUninitialize

shell32

Shell_NotifyIconW
SHGetKnownFolderPath
ord680
SHFileOperationW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f92dbcd19461bb5732666a7e6decc6a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

shlwapi

user32

advapi32

ole32

shell32

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 77KB - Virtual size: 87KB

.pdata Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 77KB - Virtual size: 87KB

.pdata
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 1KB