2[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

2.exe
Size

3.0MB
MD5

0a4f321c903a7fbc59566918c12aca09
SHA1

b4b918a5898463dad1c7d823e0b3f828bac15aad
SHA256

0f11aeecbde1f355d26c9d406dad80cb0ae8536aea31fdddaf915d4afd434f3f
SHA512

66441969351c684fd16db5c646f09a8b09235a9cb7d2a74f9562b91410f9df17db88722c92efc8e02a61b2c65cb01ca4692f356695176041bf2c885b51da202b
SSDEEP

12288:2IQT0O8iS1vavPvK9qerzrnz2vu9gqr2A30bOjybJzItviNQ:FQT0O80vPi9h3rz19gqr2A3UOOJzI11

Score

N/A

Malware Config

Signatures

Files

2.exe
.exe windows x86

2cbc5b636b75aecad35c6984b287682c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlUnwind

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

advapi32

LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetNamedSecurityInfoW
SystemFunction036
AccessCheck
MapGenericMask
RevertToSelf
OpenThreadToken
ImpersonateSelf
GetSidIdentifierAuthority
IsValidSid

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2

kernel32

GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
HeapSize
GetConsoleOutputCP
CloseHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObject
GetExitCodeProcess
GetProcessHeap
HeapFree
GetLastError
HeapAlloc
OpenProcess
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetCurrentProcessId
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateFileW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetSystemInfo
SleepConditionVariableSRW
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
LocalFree
GetCurrentThread
lstrlenW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
WakeAllConditionVariable
WakeConditionVariable
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
DecodePointer
GetFinalPathNameByHandleW
CreateEventW
ReadFile
CancelIo
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateThread
GetTempPathW
GetConsoleMode
WriteConsoleW
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
FreeLibrary
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups

oleaut32

SysFreeString
VariantClear
SysAllocString

pdh

PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
GetModuleFileNameExW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

shell32

SHGetKnownFolderPath
ShellExecuteExW

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cbc5b636b75aecad35c6984b287682c

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ntdll

bcrypt

advapi32

iphlpapi

kernel32

netapi32

oleaut32

pdh

powrprof

psapi

secur32

shell32

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 5KB - Virtual size: 8KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 5KB - Virtual size: 8KB

.reloc
Size: 18KB - Virtual size: 18KB