25[.]1[.]3[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

25.1.3.rar
Size

8.2MB
MD5

e3cef5421ab760abf3e12cd6a2a291a2
SHA1

b59ff1bd3aa5813bb53e9666e6062954f2a2e592
SHA256

278e36a41b1023c01e0654fc838ca36d948cf82edd3f69bcf2bcc3d84f934a3a
SHA512

b877bc1228ceccf3a5ee0e763ddae07af816388bb4339326918d66e0eaefb86e1d6232d641bdc2ce26c67ac709387d3684fbd2e0c010824972879772f4efcaba
SSDEEP

196608:+XY9tlhDmDfjmlIPl7LcoaYmGCWGLoN6P/4Vv1wnd:+Q3hCmIl7LJkGCwoPw1Md

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/25.1.3/injector.exe	pyinstaller

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/25.1.3/Asteroid.dll	embeds_openssl

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/25.1.3/Asteroid.dll
unpack001/25.1.3/injector.exe

Files

25.1.3.rar
.rar
25.1.3/Asteroid.dll
.dll windows:6 windows x64 arch:x64

750cbcf4427c99086fa6107ab089c94c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDeviceAndSwapChain

wldap32

ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord45
ord60
ord211
ord46
ord50
ord217
ord143
ord41
ord22

kernel32

ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetACP
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemDirectoryA
FormatMessageA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
FindClose
FindFirstFileW
FindNextFileW
ReadConsoleA
ReadConsoleW
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
VirtualQuery
FormatMessageW
GetTickCount
InitializeSRWLock
SetEvent
FreeLibrary
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
LCMapStringEx
GetLocaleInfoW
EncodePointer
GetLocaleInfoEx
LocalFree
AreFileApisANSI
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
CreateFileW
GetCurrentDirectoryW
VerSetConditionMask
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
SetEndOfFile
IsValidCodePage
GetOEMCP
SetLastError
GetEnvironmentVariableW
RtlVirtualUnwind
GetLastError
GetProcAddress
QueryPerformanceFrequency
GetCommandLineA
GetCommandLineW
GetFileType
SetConsoleTitleW
SetConsoleOutputCP
CreateThread
Sleep
FreeLibraryAndExitThread
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
InitializeCriticalSectionEx
QueryPerformanceCounter
GetEnvironmentStringsW
FlsFree
FlsSetValue
FlsGetValue
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
LoadLibraryA
GetLocaleInfoA
GetModuleHandleA
WideCharToMultiByte
GlobalFree
MultiByteToWideChar
AllocConsole
GlobalUnlock
SetConsoleCursorPosition
GetModuleHandleW
GlobalLock
FillConsoleOutputAttribute
GlobalAlloc
FillConsoleOutputCharacterW
GetConsoleMode
SetConsoleMode
WriteFile
GetStdHandle
CreateEventA
GetConsoleScreenBufferInfo
FlsAlloc
GetConsoleOutputCP
GetModuleFileNameW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitThread
SetConsoleCtrlHandler
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
DeleteFileW
HeapSize
WriteConsoleW
DecodePointer
RtlUnwind

user32

SetClipboardData
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
DefWindowProcW
CallWindowProcW
SetWindowLongPtrW
GetSystemMetrics
GetWindowTextA
ClipCursor
ShowCursor
GetAsyncKeyState
MessageBoxA
GetMessageExtraInfo
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
GetClipboardData
MapVirtualKeyW
GetKeyNameTextA
OpenClipboard
CloseClipboard
EmptyClipboard
GetKeyState

comdlg32

GetOpenFileNameW

shell32

ShellExecuteA

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

wininet

InternetQueryOptionW

bcrypt

BCryptGenRandom

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CertGetCertificateChain
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChainEngine
CryptStringToBinaryA
CertFreeCertificateChain

ws2_32

connect
closesocket
bind
accept
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
setsockopt
inet_addr
htons
htonl
WSAGetLastError
socket
WSAStartup
gethostbyname
select
ntohs
getsockopt
getsockname
ioctlsocket
shutdown
getpeername
recvfrom
sendto
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
listen
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
__WSAFDIsSet
getaddrinfo
freeaddrinfo
gethostname
inet_ntoa
WSACleanup

advapi32

CryptGenRandom
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptImportKey
CryptEncrypt
CryptReleaseContext

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
25.1.3/injector.exe
.exe windows:5 windows x64 arch:x64

023abd09c65289e3a2df4aa2b19cccec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetWindowThreadProcessId
ShowWindow

kernel32

CreateFileW
GetFinalPathNameByHandleW
CloseHandle
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
SetDllDirectoryW
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
GetCurrentProcess
GetCurrentProcessId
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleWindow
HeapSize
GetLastError
WriteConsoleW
SetEndOfFile
GetExitCodeProcess
TlsGetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
injector.pyc

Sharing

General

Malware Config

Signatures

Files

750cbcf4427c99086fa6107ab089c94c

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

wldap32

kernel32

user32

comdlg32

shell32

imm32

d3dcompiler_47

wininet

bcrypt

normaliz

crypt32

ws2_32

advapi32

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 160KB - Virtual size: 182KB

.pdata Size: 164KB - Virtual size: 164KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 47KB - Virtual size: 47KB

023abd09c65289e3a2df4aa2b19cccec

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 160KB - Virtual size: 182KB

.pdata
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 47KB - Virtual size: 47KB

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 2KB - Virtual size: 1KB