1[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

1.exe
Size

5.3MB
MD5

d9a8f49b8cab200dcbf2cb5fa375d53a
SHA1

f5a5b7c120a283c043af6acb1532e17d19886922
SHA256

94d116c56730886f2a55b8dec9607284d1b857d6e1889030356c3e4ebc4a18bf
SHA512

6d719ea7322b67a688364798adec797aa897557016516feb1fd6f4d41e23ede2b9ca801a753b92b518baa94c76532bd61abbbe9c45347f097c4f705416c0f2ba
SSDEEP

49152:1uerW1bI2czkpjeLiS3dZYWiyZcklTPIQXIXpX0oSdvSv1LaC+R1MZXcqTWe+1Ap:MeCb8DiyeQXLJdlR1pa4ku6+Y

Score

N/A

Malware Config

Signatures

Files

1.exe
.exe windows x64

90438f7ed585ca9ad17eb3954e2001a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaEnumerateLogonSessions
AcquireCredentialsHandleA
LsaGetLogonSessionData
LsaFreeReturnBuffer
DecryptMessage
QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
ApplyControlToken
FreeContextBuffer

kernel32

CloseHandle
FindClose
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLastError
GetSystemInfo
HeapReAlloc
WakeAllConditionVariable
RemoveDirectoryW
GetUserPreferredUILanguages
GetComputerNameExW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetFileInformationByHandleEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
SleepConditionVariableSRW
GetModuleHandleW
SwitchToThread
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeConditionVariable
AcquireSRWLockShared
ReleaseSRWLockShared
GetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
CreateFileW
SetFilePointerEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetHandleInformation
CreateThread
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
SetFileInformationByHandle
CopyFileExW
HeapFree
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
LocalFree
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
OpenProcess
VirtualQueryEx
GlobalMemoryStatusEx
GetTickCount64
GetLogicalDrives
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
RtlVirtualUnwind
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessTimes

ntdll

NtQueryInformationProcess
RtlGetVersion
NtCancelIoFileEx
RtlNtStatusToDosError
NtQuerySystemInformation
NtCreateFile
NtDeviceIoControlFile

advapi32

RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
GetUserNameW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SystemFunction036
RegQueryValueExW

oleaut32

SysFreeString
VariantClear
SysAllocString
SafeArrayDestroy
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound

pdh

PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue

crypt32

PFXImportCertStore
CertFreeCertificateChainEngine
CryptStringToBinaryA
CryptUnprotectData
CertCreateCertificateChainEngine
CertFindCertificateInStore
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CryptQueryObject
CertGetNameStringA
CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CertFindExtension

user32

EnumDisplaySettingsExW
GetMonitorInfoW
EnumDisplayMonitors

gdi32

CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
DeleteDC
GetDeviceCaps
CreateDCW
SelectObject
GetDIBits
GetObjectW
DeleteObject
CreateCompatibleDC

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

ws2_32

listen
htons
WSAWaitForMultipleEvents
shutdown
select
WSACloseEvent
recv
send
getsockname
WSASend
WSARecv
getpeername
getsockopt
ntohs
__WSAFDIsSet
freeaddrinfo
getaddrinfo
setsockopt
WSASocketW
bind
htonl
WSACreateEvent
connect
ioctlsocket
WSAIoctl
closesocket
WSAGetLastError
recvfrom
accept
WSACleanup
WSAEnumNetworkEvents
socket
WSAEventSelect
WSAStartup
WSAResetEvent
WSASetLastError

shell32

CommandLineToArgvW

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

powrprof

CallNtPowerInformation

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

psapi

GetPerformanceInfo
GetModuleFileNameExW

vcruntime140

memcmp
strstr
__C_specific_handler
__current_exception
__current_exception_context
strrchr
strchr
memmove
__CxxFrameHandler3
memcpy
memset
memchr

api-ms-win-crt-string-l1-1-0

_strdup
strncmp
strcspn
strcmp
strncpy
strspn
wcslen
strpbrk
strlen
strcpy

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
realloc
calloc
_msize

api-ms-win-crt-runtime-l1-1-0

abort
__sys_nerr
_wassert
_crt_atexit
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_endthreadex
__sys_errlist
_seh_filter_exe
_set_app_type
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
terminate
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoll
wcstombs
strtoul

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
ftell
_read
fwrite
_write
fclose
fputc
__stdio_common_vsprintf
fread
_close
feof
fflush
fopen
__stdio_common_vsscanf
_lseeki64
fputs
fseek
fgets
_set_fmode
_open

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_unlink
_fstat64

api-ms-win-crt-math-l1-1-0

_dclass
_fdopen
log
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90438f7ed585ca9ad17eb3954e2001a5

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

ntdll

advapi32

oleaut32

pdh

crypt32

user32

gdi32

bcrypt

ws2_32

shell32

ole32

iphlpapi

powrprof

netapi32

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 29KB - Virtual size: 32KB

.pdata Size: 92KB - Virtual size: 91KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 29KB - Virtual size: 32KB

.pdata
Size: 92KB - Virtual size: 91KB

.reloc
Size: 31KB - Virtual size: 30KB