25654_92167086_fb6f9cc40cf1e5b43d39f4972b69a03fe049511ae865cf5b245cbcafd75a5d59_expressconnect[.]exe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

25654_92167086_fb6f9cc40cf1e5b43d39f4972b69a03fe049511ae865cf5b245cbcafd75a5d59_expressconnect.exe.exe
Size

2.4MB
MD5

4504ede312bc5bfad05d09541da2de21
SHA1

cdcc6b24a418f75cae1ed6961823c480570f5708
SHA256

fb6f9cc40cf1e5b43d39f4972b69a03fe049511ae865cf5b245cbcafd75a5d59
SHA512

633cae2922ceffb6ea672a35ec62f23c4d3494a48ed8a4a22aa4bebbca39ffcd29314d0d482b1ff43a284660f4f38a7b0352d91e13ccabf829a5c60da53b3ba0
SSDEEP

49152:kTwdsl6o9Tt9alOtCMYi5Ws+jD41QzgucXk3wsvido7T/pF8QA:WWlOfv59sgA3wrgA

Score

N/A

Malware Config

Signatures

Files

25654_92167086_fb6f9cc40cf1e5b43d39f4972b69a03fe049511ae865cf5b245cbcafd75a5d59_expressconnect.exe.exe
.exe windows x64

Password: infected

7eec5e006b0428a51f1821dbcc118525

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

UnregisterWaitUntilOOBECompleted
OOBEComplete
WTSGetActiveConsoleSessionId
GetSystemPowerStatus
LocalAlloc
LocalFree
GetCurrentProcess
GetVersionExW
GetCurrentThread
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
TerminateProcess
CreatePipe
GetFileAttributesW
GetComputerNameExW
OpenProcess
CreateToolhelp32Snapshot
GetTempPathA
GetTimeZoneInformation
Process32NextW
Process32FirstW
CreateProcessW
GetSystemTimeAsFileTime
GetExitCodeProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapSize
PeekConsoleInputA
ReadFile
GetNumberOfConsoleInputEvents
ReadConsoleW
RegisterWaitUntilOOBECompleted
GetFileSizeEx
GetFileAttributesExW
HeapReAlloc
GetConsoleMode
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetLocalTime
TerminateThread
WaitForSingleObject
CloseHandle
FindClose
FindNextFileA
FindFirstFileA
QueryPerformanceCounter
GetCurrentProcessId
QueryPerformanceFrequency
GetComputerNameA
GetUserDefaultGeoName
GetSystemTime
GetGeoInfoEx
SystemTimeToFileTime
CompareFileTime
GetModuleHandleW
Sleep
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount64
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
GetLastError
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
SetConsoleCtrlHandler
GetConsoleCP
GetModuleHandleExW
ResumeThread
ExitThread
RtlPcToFileHeader
FileTimeToSystemTime
MoveFileW
DeleteFileW
FlushFileBuffers
ConnectNamedPipe
GetOverlappedResult
ResetEvent
ReadFileEx
GlobalFree
GlobalAlloc
SetEvent
DisconnectNamedPipe
WaitForMultipleObjectsEx
WriteFileEx
CreateNamedPipeW
lstrlenW
CreateFileW
PeekNamedPipe
WriteFile
SetFilePointerEx
RtlUnwindEx
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetProcAddress
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SetLastError
GetStringTypeW
GetCurrentThreadId
TryEnterCriticalSection
OutputDebugStringW
IsDebuggerPresent

user32

EnumWindows
FindWindowW
SetForegroundWindow
GetWindowTextW
GetMessageW
DefWindowProcW
CreateWindowExW
UnregisterSuspendResumeNotification
PostMessageA
DispatchMessageW
RegisterSuspendResumeNotification
TranslateMessage
LoadIconW
LoadStringW
UpdateWindow
PostQuitMessage
LoadCursorW
RegisterClassExW
ShowWindow
SendMessageW

gdi32

CreateSolidBrush

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ConvertSidToStringSidW
RegQueryValueExW
OpenThreadToken
GetTokenInformation
RegDeleteKeyValueW
RegCreateKeyExW
RegSetValueExW
CreateProcessAsUserW
EventWriteTransfer
EventRegister
EventSetInformation

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoCreateGuid
CLSIDFromString
StringFromCLSID

oleaut32

SysFreeString

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
InitializeIpForwardEntry
DeleteIpForwardEntry2
GetIfTable
InitializeIpInterfaceEntry
DeleteIpForwardEntry
Icmp6SendEcho2
GetIpInterfaceEntry
CreateIpForwardEntry
GetIpForwardTable
GetTcp6Table
GetTcpTable
GetAdaptersInfo
GetAdaptersAddresses
FreeMibTable
GetIpNetTable2
CreateIpForwardEntry2
Icmp6CreateFile

ws2_32

WSARecvFrom
freeaddrinfo
htonl
ioctlsocket
InetNtopW
WSAGetLastError
setsockopt
socket
getnameinfo
inet_addr
inet_ntop
ntohl
getaddrinfo
WSACleanup
WSAStartup
bind
WSAIoctl
closesocket
WSACreateEvent
sendto

pdh

PdhCloseQuery
PdhAddCounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryW
PdhRemoveCounter

wlanapi

WlanGetProfileList
WlanGetProfile
WlanConnect
WlanReasonCodeToString
WlanScan
WlanQueryInterface
WlanGetNetworkBssList
WlanDeleteProfile
WlanGetFilterList
WlanSaveTemporaryProfile
WlanGetInterfaceCapability
WlanGetAvailableNetworkList
WlanSetProfile
WlanFreeMemory
WlanRegisterNotification
WlanCloseHandle
WlanEnumInterfaces
WlanOpenHandle
WlanDisconnect

netapi32

NetGetDCName
NetApiBufferFree

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsA
WTSRegisterSessionNotification

winhttp

WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpDetectAutoProxyConfigUrl
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpSendRequest
WinHttpSetTimeouts

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlVirtualUnwind

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 655KB - Virtual size: 654KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

7eec5e006b0428a51f1821dbcc118525

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

ws2_32

pdh

wlanapi

netapi32

userenv

wtsapi32

winhttp

ntdll

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 655KB - Virtual size: 654KB

.data Size: 21KB - Virtual size: 35KB

.pdata Size: 81KB - Virtual size: 81KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 655KB - Virtual size: 654KB

.data
Size: 21KB - Virtual size: 35KB

.pdata
Size: 81KB - Virtual size: 81KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 7KB - Virtual size: 6KB