11[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

11.exe
Size

6.4MB
MD5

2cd96ae79c4081d24b5f3c72aa3d36d2
SHA1

918218326e2f65b182c5536c8f1066e0334246bb
SHA256

66dd7e5563e26d563f45bebcc36a210b497ce5eb23efcb5e22e388600a892f65
SHA512

0d3af7aedd0dda0a309aa3ad9466fd03e165a9849fdc6756f05ab20f3d417126a7d0797e5e67d3345020f7c1ca4c3afbaf09ba51d3bb730d3ad8aea8743cacfe
SSDEEP

196608:6k9U8Ubjn6JIBAQmKOPXXDSpQoIW9AoIkrBoIibV8kFVzzLLWq28745ob1CR5:6MU/4QmKOPXz6QoIW9AoIkrBoIibV8k0

Score

N/A

Malware Config

Signatures

Files

11.exe
.exe windows x86

8dbdbe846f0ce4d5be56caaec5ace373

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA
SetSecurityDescriptorDacl

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

iphlpapi

GetBestRoute
GetIpAddrTable

kernel32

AreFileApisANSI
CloseHandle
CopyFileW
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OutputDebugStringA
PostQueuedCompletionStatus
PulseEvent
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
QueueUserWorkItem
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SystemTimeToFileTime
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
UnmapViewOfFile
VirtualLock
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_fdopen
_memicmp
_read
_strdup
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthread
_beginthreadex
_cexit
_chsize
_close
_commit
_errno
_exit
_filbuf
_filelengthi64
_flsbuf
_ftime
_get_osfhandle
_getch
_getcwd
_iob
_isctype
_lseeki64
_onexit
_open
_pctype
_setmode
_snprintf
_stat
_stricmp
_strnicmp
_vsnprintf
_wfopen
abort
atexit
atoi
atol
calloc
ctime
exit
fclose
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
freopen
fseek
fsetpos
ftell
fwrite
getenv
getwc
gmtime
isalpha
isprint
isspace
iswctype
localeconv
localtime
log
malloc
memchr
memcmp
memcpy
memmove
memset
perror
pow
printf
putchar
puts
putwc
qsort
raise
rand
realloc
setbuf
setlocale
setvbuf
signal
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
swprintf
system
time
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
vprintf
wcscoll
wcsftime
wcslen
wcsrchr
wcsstr
wcsxfrm

mswsock

AcceptEx
GetAcceptExSockaddrs

shell32

SHGetSpecialFolderPathA

shlwapi

PathFileExistsW

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSARecv
WSASend
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8dbdbe846f0ce4d5be56caaec5ace373

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

iphlpapi

kernel32

msvcrt

mswsock

shell32

shlwapi

user32

ws2_32

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.data Size: 61KB - Virtual size: 60KB

.rdata Size: 560KB - Virtual size: 560KB

.bss Size: - Virtual size: 22KB

.idata Size: 9KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 8B

.tls Size: 512B - Virtual size: 8B

.text
Size: 5.8MB - Virtual size: 5.8MB

.data
Size: 61KB - Virtual size: 60KB

.rdata
Size: 560KB - Virtual size: 560KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 9KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 8B