Akira[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Akira.exe
Size

5.3MB
MD5

84243d7a96d982a3e543b9c8c075a651
SHA1

a12054558e29966e2d5265299fb05ca791b2875f
SHA256

5dc90c9ad87fa69adda68737c2d2fdbed43e4c89644fcfabc775efa4704df5f1
SHA512

2487577565fcdefa94fc57188b91e179af504b894ad5a342305f9ec23cc920254baff7fc9f09496c6290101cbdbe1e8bf02a174ea4207b9db70dcdbe2382919f
SSDEEP

49152:ZidLE20SYtFrutrkHoWpBVpLNkBASG/OXkd6tewfWn4X61uWdk/qn6/OlF:Z0bYtkA+BASG/OUyxWnrA/OlF

Score

N/A

Malware Config

Signatures

Files

Akira.exe
.exe windows x64

f9cc37191ef9b7ebfd4f0342a68ea2ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

waveOutGetVolume
PlaySoundA
waveOutSetVolume

ws2_32

WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
WSAGetLastError
WSAEnumNetworkEvents
__WSAFDIsSet
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
ntohl
socket
send
recv
closesocket
accept
WSACleanup
WSAStartup
inet_pton
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select

advapi32

RegDeleteKeyA
CloseServiceHandle
ControlService
OpenServiceA
QueryServiceStatusEx
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
OpenSCManagerA

crypt32

CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore

kernel32

GetCommandLineW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetCurrentThread
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
WaitForSingleObject
DeleteFileW
CreatePipe
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
HeapSize
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoW
SetConsoleTitleA
CreateThread
Sleep
SetThreadPriority
ReadProcessMemory
WriteProcessMemory
CreateFileA
WriteFile
WriteConsoleW
CloseHandle
GetCurrentProcessId
TerminateProcess
OpenProcess
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetExitCodeProcess
VirtualQueryEx
GetVolumeInformationA
GetModuleHandleA
GetConsoleWindow
GetTickCount
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
GetLastError
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
TryEnterCriticalSection
GetModuleHandleW
CloseThreadpoolWait
GetStartupInfoW
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
ExitProcess
GetModuleFileNameW
GetModuleHandleExW
DuplicateHandle
CreateProcessW
CopyFileW
CreateDirectoryExW
ExitThread
ResumeThread
InitializeCriticalSectionEx
FreeLibraryAndExitThread
GetTempPathA
RtlUnwind
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
FormatMessageA
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl

user32

GetDesktopWindow
GetWindowTextLengthA
GetWindowTextA
UpdateWindow
IsWindowVisible
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
SendInput
GetWindowThreadProcessId
SetForegroundWindow
SetWindowPos
wsprintfA
GetWindowRect
keybd_event
SendMessageA
WindowFromPoint
PostMessageA
EnumWindows
GetCursorInfo
FindWindowA
GetAsyncKeyState
ShowWindow
SetProcessDPIAware
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
MessageBoxA
SetCursor

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

shell32

ShellExecuteA

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmEnableBlurBehindWindow
DwmGetColorizationColor
DwmIsCompositionEnabled

d3d11

D3D11CreateDeviceAndSwapChain

wininet

InternetCheckConnectionA

ntdll

ZwQueryVirtualMemory
ZwReadVirtualMemory
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9cc37191ef9b7ebfd4f0342a68ea2ff

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

advapi32

crypt32

kernel32

user32

gdi32

shell32

imm32

d3dcompiler_47

dwmapi

d3d11

wininet

ntdll

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 37KB - Virtual size: 96KB

.pdata Size: 175KB - Virtual size: 174KB

.idata Size: 16KB - Virtual size: 15KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.rsrc Size: 278KB - Virtual size: 278KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 37KB - Virtual size: 96KB

.pdata
Size: 175KB - Virtual size: 174KB

.idata
Size: 16KB - Virtual size: 15KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 278KB - Virtual size: 278KB

.reloc
Size: 21KB - Virtual size: 20KB