amadey | quarantine[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

quarantine.rar
Size

13.8MB
MD5

f1878dd5e0d6afd4975d879233358f30
SHA1

6cb4542a5ed8e0ab30fc6ca86af04036400fd029
SHA256

f50137e69eab731be6ac6e16fe5f5ce536d64b8e5d3786f7a68c6b4a7afc3940
SHA512

895974447bda698a5a613b22572a757058e8d7cc23e90347b3c3043a5c10645334a7a576366af2cfacff450b184c848903f501711193b51d9c15d4bae3684a7c
SSDEEP

393216:Iq44AjNZutA0JuCa6R7PE7HPu8UBVOmSvvRoO/Jcac:i7KlBaIPE7v8YRyDac

Score

10^/10

a4d2cd amadey litehttp

Malware Config

Extracted

Family

amadey

Version

5.21

Botnet

a4d2cd

http://cobolrationumelawrtewarms.com

http://�� jlgenfekjlfnvtgpegkwr.xyz

Attributes

install_dir
a58456755d
install_file
Gxtuum.exe
strings_key
00fadbeacf092dfd58b48ef4ac68f826
url_paths
/3ofn3jf3e2ljk/index.php

rc4.plain

Signatures

Amadey family
amadey
Litehttp family
litehttp

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.bin
unpack001/351e31a389d6b59faf9842f34bbc27bab411ad796e187b98fb5c59361346a815.bin
unpack001/7c711ab33a034ed733b18b76a0154c56065c74a9481cbd0e4f65aa2b03c8a207.bin
unpack001/a6b647b49538fe599002c116ee5cd79c7e2d472cb48b24b1dfcf9a2718088c2a.bin
unpack001/d521f17349128cc6339aecb7a5e41f91ab02d338e5c722cd809d96c3a1c64454.bin
unpack001/df468fc510aec82c827987f54b824b978dd71301f93d18d71e704727d6dfdfa2.bin

Files

quarantine.rar
.rar
1edc123e5a8ea5ce814e2759ee38453404d4af72a3577b0af55e8d99fa38ef1c.bin
.exe windows:6 windows x86 arch:x86

738a9f5d52d683b5b6a4ba77d2da72af

Code Sign

33:00:3e:3b:13:f8:45:f7:6c:76:d4:87:ab:00:01:00:3e:3b:13
Certificate

Issuer

CN=Microsoft Marketplace CA G 027,OU=EOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/09/2024, 00:07

Not After

16/09/2024, 00:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment

61:12:44:a2:00:00:00:00:00:02
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/03/2011, 21:09

Not After

28/03/2031, 21:19

Subject

CN=Microsoft MarketPlace PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:5a:16:d7:4e:26:9f:01:2b:d4:00:00:00:00:00:5a
Certificate

Issuer

CN=Microsoft MarketPlace PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2024, 17:45

Not After

11/04/2029, 17:45

Subject

CN=Microsoft Marketplace CA G 027,OU=EOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

91:7f:a4:94:71:3e:35:03:c7:35:47:66:9e:6a:20:74:1d:05:43:15:00:2d:26:67:52:46:8e:9f:d4:e7:60:28
Signer

Actual PE Digest

91:7f:a4:94:71:3e:35:03:c7:35:47:66:9e:6a:20:74:1d:05:43:15:00:2d:26:67:52:46:8e:9f:d4:e7:60:28

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetFileAttributesA
Process32NextW
CreateFileA
Process32FirstW
CloseHandle
GetSystemInfo
CreateThread
GetThreadContext
GetProcAddress
Wow64RevertWow64FsRedirection
RemoveDirectoryA
ReadProcessMemory
CreateProcessA
CreateDirectoryA
SetThreadContext
SetEndOfFile
HeapSize
GetProcessHeap
SetEnvironmentVariableW
GetTempPathA
Sleep
CreateToolhelp32Snapshot
SetCurrentDirectoryA
GetModuleHandleA
OpenProcess
ResumeThread
GetComputerNameExW
GetVersionExW
WaitForSingleObject
CreateMutexA
FindClose
PeekNamedPipe
CreatePipe
FindNextFileA
VirtualAlloc
Wow64DisableWow64FsRedirection
WriteFile
VirtualFree
FindFirstFileA
SetHandleInformation
WriteProcessMemory
GetModuleFileNameA
VirtualAllocEx
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
WriteConsoleW

user32

GetSystemMetrics
ReleaseDC
GetDC

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

advapi32

RevertToSelf
RegCloseKey
RegQueryInfoKeyW
RegGetValueA
RegQueryValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
LookupAccountNameA
ImpersonateLoggedOnUser
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegEnumValueA
DuplicateTokenEx
GetSidIdentifierAuthority

shell32

SHGetFolderPathA
ShellExecuteA
SHFileOperationA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

wininet

HttpOpenRequestA
InternetWriteFile
InternetOpenUrlA
InternetOpenW
HttpEndRequestW
HttpAddRequestHeadersA
HttpSendRequestExA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdipGetImageEncodersSize
GdiplusShutdown
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

ws2_32

closesocket
inet_pton
getaddrinfo
WSAStartup
send
socket
connect
recv
htons
freeaddrinfo

Sections

.text
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.bin
.exe windows:4 windows x64 arch:x64

0cad4d75817cf5181c89bf958567a0e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CopyFileW
CreateDirectoryW
CreateFileMappingW
CreateFileW
CreateProcessW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindResourceA
FormatMessageA
FreeLibrary
GenerateConsoleCtrlEvent
GetCommandLineW
GetCurrentProcessId
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessId
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
ReadFile
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_unlock
_wcsdup
_wcsicmp
_wrename
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
malloc
mbstowcs
memcpy
memmove
memset
puts
signal
strerror
strlen
strncmp
vfprintf
wcschr
wcscmp
wcslen
wcsncmp

shell32

CommandLineToArgvW
SHFileOperationW
SHGetFolderPathW

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 143KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
351e31a389d6b59faf9842f34bbc27bab411ad796e187b98fb5c59361346a815.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.CSS
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7c711ab33a034ed733b18b76a0154c56065c74a9481cbd0e4f65aa2b03c8a207.bin
.exe windows:4 windows x64 arch:x64

7182b1ea6f92adbf459a2c65d8d4dd9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

Sections

.code
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a6b647b49538fe599002c116ee5cd79c7e2d472cb48b24b1dfcf9a2718088c2a.bin
.exe windows:6 windows x86 arch:x86

81dd082c3ea735ad5ba4cf627001ae92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
HeapSize
CreateFileW
DecodePointer
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
MapViewOfFile
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
GetConsoleMode
ReadFile
HeapReAlloc
GetFileType
LCMapStringW
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
CreateFileMappingW
CreateEventW
WaitForSingleObject
IsValidCodePage
CloseHandle
WriteFile
GetStdHandle
RaiseException
EncodePointer
LoadLibraryExW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
WriteConsoleW

user32

GetWindowLongA
GetWindowTextLengthW
GetWindowTextW
EnableWindow
InvalidateRect
DialogBoxParamW
GetWindowTextLengthA
CheckDlgButton
KillTimer
GetDlgItem
MapDialogRect
CharUpperA
LoadIconA
SetCursor
CharUpperW
SetDlgItemTextA
IsDlgButtonChecked
MoveWindow
IsWindowEnabled
SetWindowTextA
SendMessageA
GetWindowTextA
SetWindowLongA
SetTimer
ShowWindow
LoadStringW
DialogBoxParamA
SetWindowTextW
EndDialog
SendMessageW
ScreenToClient
PostMessageA
CharPrevA
LoadStringA
MessageBoxW
LoadCursorA
GetWindowRect

ole32

CoUninitialize
CoInitialize

oleaut32

SysStringByteLen
SysAllocString
VariantCopy
VariantClear

comctl32

ord17

comdlg32

GetOpenFileNameW
GetOpenFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHGetMalloc

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d521f17349128cc6339aecb7a5e41f91ab02d338e5c722cd809d96c3a1c64454.bin
.exe windows:4 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yuxfscdw
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oiahzgmh
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
df468fc510aec82c827987f54b824b978dd71301f93d18d71e704727d6dfdfa2.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Badus\OneDrive\Desktop\DLLInjector\DllExecutorApp\DllExecutorApp\obj\Debug\Anubis.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

738a9f5d52d683b5b6a4ba77d2da72af

Code Sign

33:00:3e:3b:13:f8:45:f7:6c:76:d4:87:ab:00:01:00:3e:3b:13Certificate

Extended Key Usages

Key Usages

61:12:44:a2:00:00:00:00:00:02Certificate

Key Usages

33:00:00:00:5a:16:d7:4e:26:9f:01:2b:d4:00:00:00:00:00:5aCertificate

Key Usages

01Certificate

Extended Key Usages

Key Usages

91:7f:a4:94:71:3e:35:03:c7:35:47:66:9e:6a:20:74:1d:05:43:15:00:2d:26:67:52:46:8e:9f:d4:e7:60:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

gdiplus

ws2_32

Sections

.text Size: 316KB - Virtual size: 316KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 17KB - Virtual size: 17KB

0cad4d75817cf5181c89bf958567a0e8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shell32

Sections

.text Size: 110KB - Virtual size: 110KB

.data Size: 512B - Virtual size: 256B

.rdata Size: 11KB - Virtual size: 10KB

.eh_fram Size: 512B - Virtual size: 4B

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 143KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 11.3MB - Virtual size: 11.3MB

.reloc Size: 512B - Virtual size: 144B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

.CSS Size: 240KB - Virtual size: 240KB

7182b1ea6f92adbf459a2c65d8d4dd9e

Headers

File Characteristics

Imports

msvcrt

kernel32

shell32

winmm

ole32

shlwapi

33:00:3e:3b:13:f8:45:f7:6c:76:d4:87:ab:00:01:00:3e:3b:13
Certificate

61:12:44:a2:00:00:00:00:00:02
Certificate

33:00:00:00:5a:16:d7:4e:26:9f:01:2b:d4:00:00:00:00:00:5a
Certificate

01
Certificate

91:7f:a4:94:71:3e:35:03:c7:35:47:66:9e:6a:20:74:1d:05:43:15:00:2d:26:67:52:46:8e:9f:d4:e7:60:28
Signer

.text
Size: 316KB - Virtual size: 316KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 110KB - Virtual size: 110KB

.data
Size: 512B - Virtual size: 256B

.rdata
Size: 11KB - Virtual size: 10KB

.eh_fram
Size: 512B - Virtual size: 4B

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 143KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 11.3MB - Virtual size: 11.3MB

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.CSS
Size: 240KB - Virtual size: 240KB

.code
Size: 23KB - Virtual size: 22KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 19KB - Virtual size: 18KB

.pdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 454KB - Virtual size: 453KB

.data
Size: 19KB - Virtual size: 21KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 496B

.idata
Size: 512B - Virtual size: 4KB

yuxfscdw
Size: 1.6MB - Virtual size: 1.6MB

oiahzgmh
Size: 1KB - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 12KB

.text
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B