example[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

example.exe
Size

3.4MB
MD5

2cb7f39a8408769fe1c9d08bda4d5796
SHA1

a2e180197c4ffe5c51a021e3d0f14216fc399154
SHA256

fcf649c068db3141d89c4672fae232dc24621b948e5b13660821552c63e7f26b
SHA512

459d6e3fcd32604e5289155dfdc367a3a379f8028270902b0d9a999a469382a4b1880b9dd1ce1d7b35e41cdea53876859137880de9c05cf45cf522982e1d7398
SSDEEP

49152:0GtlqEhIU6i5mAPWVJYCQTtR6PFIcjJ7ywgLL/gN65Clea0zetgjAFtVztOE4DsM:k+5VkvFIcjofU26bt9q0OzPYi

Score

N/A

Malware Config

Signatures

Files

example.exe
.exe windows x64

30dbcb625159e7a0841141a39c1652f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WinExec
GetCurrentThread
GetTempPathW
VirtualFree
VirtualAlloc
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
SetConsoleTitleA
GlobalFindAtomA
GlobalAddAtomA
LocalFree
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
DecodePointer
Module32Next
Module32First
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetConsoleCtrlHandler
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
OpenProcess
LoadLibraryA
GetProcAddress
GetModuleHandleA
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
DeviceIoControl
CloseHandle
CreateFileA
ExitThread
CreateThread
DeleteFileW
VirtualQuery
VirtualProtect
GetSystemInfo
ExitProcess
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
FreeLibrary
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
GetEnvironmentVariableW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
MultiByteToWideChar
FormatMessageW
WriteFile
GetModuleHandleW
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind

user32

FindWindowA
MessageBoxW
GetUserObjectInformationW
MessageBoxA
GetAsyncKeyState
GetProcessWindowStation

advapi32

DeregisterEventSource
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
ConvertSidToStringSidA
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
RegSetKeyValueW

shell32

ShellExecuteA

ws2_32

WSAGetLastError
inet_pton
getnameinfo
gethostname
sendto
recvfrom
ntohl
freeaddrinfo
getaddrinfo
ioctlsocket
listen
htonl
socket
send
recv
closesocket
accept
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
select
shutdown
__WSAFDIsSet
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError

wldap32

ord50
ord143
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord46
ord45
ord60
ord211

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateContextProperty

userenv

UnloadUserProfile

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

ntdll

VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
NtQuerySystemInformation

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 830KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30dbcb625159e7a0841141a39c1652f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wldap32

crypt32

userenv

rpcrt4

ntdll

bcrypt

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 830KB - Virtual size: 830KB

.data Size: 36KB - Virtual size: 65KB

.pdata Size: 102KB - Virtual size: 101KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 830KB - Virtual size: 830KB

.data
Size: 36KB - Virtual size: 65KB

.pdata
Size: 102KB - Virtual size: 101KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 31KB - Virtual size: 30KB