SS[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SS.exe
Size

2.2MB
MD5

d6db439fa1b01f5aa57feb297182ce77
SHA1

75ec0349322129c9a84ac474d506b36a5767a5bd
SHA256

8546f35e43dbb136f21a0efb5add38563f15bd4c15fdb45e512f9453b5258c46
SHA512

19549bd2fde4f37b921379e854281b819fb85fb2030dbc968a627fb29d399faeb66ac86bd14b2bfb7fdfa7ef989c67827b80c564ccbf89de51c142c0a35bd9b9
SSDEEP

49152:+hpmQ5ysefdg4dmDVL2NRsDwFW2KAATKZFA2bnt:4pYsDeW2qkFA2

Score

N/A

Malware Config

Signatures

Files

SS.exe
.exe windows x64

66ebfe0f07fef97554c7e07984c6513f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

wintrust

WinVerifyTrust

ws2_32

bind
closesocket
recv
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
htonl
send
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
inet_ntoa
ntohl
inet_pton
connect

crypt32

CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore

wldap32

ord22
ord41
ord50
ord45
ord46
ord217
ord143
ord27
ord32
ord33
ord211
ord60
ord35
ord79
ord30
ord200
ord301
ord26

normaliz

IdnToAscii

kernel32

CloseHandle
RaiseException
HeapAlloc
DecodePointer
LocalFree
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FormatMessageA
VirtualQueryEx
DeviceIoControl
Sleep
CreateFileA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
Process32First
FindFirstFileA
TerminateProcess
GetModuleFileNameW
K32GetModuleFileNameExW
OpenFileById
FindClose
OpenProcess
CreateToolhelp32Snapshot
GetFinalPathNameByHandleA
K32GetModuleFileNameExA
Process32Next
CreateThread
GetCurrentProcessId
AllocConsole
GetProcessTimes
GetComputerNameA
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
GetTickCount
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FreeLibrary
HeapReAlloc
GetFileSizeEx
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
WriteFile
SetFilePointerEx
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitProcess
WriteConsoleW
GetModuleHandleExW
RtlUnwindEx
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLastError
HeapSize
LocalAlloc
InitializeCriticalSectionEx
GetCurrentProcess
HeapFree
GetProcAddress
GetModuleHandleA
EncodePointer
DuplicateHandle
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileW
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
FindFirstFileExW
FindNextFileW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
SetEndOfFile
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
FormatMessageW
SetLastError
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
AreFileApisANSI
GetFullPathNameW
GetFileAttributesExW
TryEnterCriticalSection

user32

GetWindowTextA
UnregisterClassA
MessageBoxA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
ClientToScreen
GetCapture
GetActiveWindow
ScreenToClient
LoadCursorA
GetKeyState
UpdateWindow
RegisterClassExA
GetWindowTextLengthA
PostQuitMessage
PeekMessageA
LoadIconA
SendMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
EnumWindows
GetWindowLongA
FindWindowExA
SetWindowLongA
ShowWindow
SetWindowPos
IsWindowVisible
DestroyWindow
GetWindowRect
DispatchMessageA
GetSystemMenu
GetWindowThreadProcessId

advapi32

CryptDestroyKey
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
GetUserNameA
RegQueryValueExA
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptEncrypt
CryptImportKey
OpenProcessToken
CryptDestroyHash
CryptHashData

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

vmprotectsdk64

VMProtectEnd
VMProtectBeginUltra
VMProtectBeginMutation
VMProtectBeginVirtualization

ntdll

RtlLookupFunctionEntry
NtReadVirtualMemory
NtQuerySystemInformation
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

iphlpapi

IcmpCloseHandle
IcmpCreateFile
GetIpErrorString
IcmpSendEcho

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 702KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66ebfe0f07fef97554c7e07984c6513f

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

wintrust

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

advapi32

shell32

ole32

oleaut32

vmprotectsdk64

ntdll

imm32

iphlpapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 702KB - Virtual size: 702KB

.data Size: 58KB - Virtual size: 70KB

.pdata Size: 60KB - Virtual size: 60KB

.rsrc Size: 112KB - Virtual size: 112KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 702KB - Virtual size: 702KB

.data
Size: 58KB - Virtual size: 70KB

.pdata
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 112KB - Virtual size: 112KB

.reloc
Size: 7KB - Virtual size: 7KB