file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

4.3MB
MD5

27a4ecb014b822087fb0750a2fc49925
SHA1

3cc775bf46a0931a06747d356a85c9e13e2b8671
SHA256

ae380a05cc3e2322d4a23249bfdb6ba3d998248d42c5f2c30a3dbea8d96ce697
SHA512

eb86c39e89178884be3edf262d30e1a58b48d193636592645f96d4797438bc2dccc4eee5691eb4f8809dbaf4c635c7c7bbe2e3016a8b80bb798d8fcd3f57721b
SSDEEP

98304:yAhWswkPtEI85ApkVHuLYikVGjsLQz7JVvxXhk1ePj2:jR1PtEn55OLYivjsS7J5xm1

Score

N/A

Malware Config

Signatures

Files

file.exe
.exe windows x86

2ca47cd54b04ae5c17f94e28b616ad72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW

kernel32

GetCurrentProcessId
GetTickCount
CloseHandle
WaitForSingleObject
ReleaseMutex
GetLastError
SetLastError
CreateProcessW
CreateMutexW
SetFilePointer
CreateFileW
WriteFile
OutputDebugStringA
FormatMessageA
ExpandEnvironmentStringsW
InterlockedCompareExchange
InterlockedExchange
SetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchangeAdd
IsDebuggerPresent
RaiseException
GetCurrentThreadId
Sleep
RtlCaptureStackBackTrace
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
GetStdHandle
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleHandleW
GetSystemInfo
TerminateProcess
ReadFile
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetNativeSystemInfo
GetVersionExW
LocalFree
VirtualFree
VirtualAlloc
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
InterlockedDecrement
InitializeCriticalSection
ExitProcess
UnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
HeapReAlloc
HeapAlloc
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleFileNameA
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
GetSystemDirectoryW
GetUserDefaultUILanguage
SetEndOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
GetTempPathW
GetWindowsDirectoryW
LocalAlloc
GetProcessHeap
GetThreadLocale
GetEnvironmentVariableA
GetCommandLineW
SetEnvironmentVariableA
LoadLibraryW
GetModuleHandleA
GetProcAddress
GetModuleFileNameW
SetCurrentDirectoryW
LoadLibraryExW
GetEnvironmentVariableW
InterlockedIncrement
UnmapViewOfFile

winmm

timeGetTime

user32

CharUpperW
MessageBoxW

advapi32

InitializeSecurityDescriptor
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
SetSecurityDescriptorDacl
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

Sections

.text
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

LeaCalwe
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.erhard
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cecelia
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.farshid
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.antonia
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ca47cd54b04ae5c17f94e28b616ad72

Headers

File Characteristics

Imports

shlwapi

kernel32

winmm

user32

advapi32

Sections

.text Size: 549KB - Virtual size: 548KB

.rdata Size: 251KB - Virtual size: 251KB

.data Size: 10KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 39KB - Virtual size: 38KB

LeaCalwe Size: 3.4MB - Virtual size: 3.4MB

.erhard Size: 512B - Virtual size: 3KB

.cecelia Size: 512B - Virtual size: 3KB

.farshid Size: 512B - Virtual size: 3KB

.antonia Size: 512B - Virtual size: 512B

.text
Size: 549KB - Virtual size: 548KB

.rdata
Size: 251KB - Virtual size: 251KB

.data
Size: 10KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 39KB - Virtual size: 38KB

LeaCalwe
Size: 3.4MB - Virtual size: 3.4MB

.erhard
Size: 512B - Virtual size: 3KB

.cecelia
Size: 512B - Virtual size: 3KB

.farshid
Size: 512B - Virtual size: 3KB

.antonia
Size: 512B - Virtual size: 512B