agent[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

agent.exe
Size

368KB
MD5

01eb4204323662f59f3ad6e3783fbec8
SHA1

da932c6ec7c23280b785a442183c3230adcc6919
SHA256

ba46808c7d5a6dcae4951ab6a4a0b71409aba04f41cc5836dee6909c8969abc7
SHA512

69b98887dc12736359b5987c027968c87b54d4222c0c8baf88f4a7feef6f90ac40986b46f67a868e120fe71f6a4d80b082746e98c9ebf4e637241b078da58f7b
SSDEEP

6144:eOHC6xWjlBzRd5J8akd4R2COVpCAfjw2:eOHCO2b9d5xAw

Score

N/A

Malware Config

Signatures

Files

agent.exe
.exe windows x86

e6d7143fe4a9983ebc4212f5966ec720

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
CreateFileA
ReadFile
GetTempFileNameA
GetTempPathA
SetFilePointer
GetFileSize
GetProcAddress
GetModuleHandleA
lstrcatA
GetShortPathNameA
GetModuleFileNameA
lstrcmpiA
CreateProcessA
GetCommandLineA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
InterlockedIncrement
QueryPerformanceFrequency
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LoadLibraryA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
RemoveDirectoryA
ResetEvent
GetWindowsDirectoryA
FindClose
FindFirstFileA
GetLocalTime
LockResource
GlobalSize
GlobalLock
GlobalAlloc
FreeResource
GlobalFree
GlobalUnlock
DeleteFileA
Sleep
WriteFile
GetCurrentProcess
GetLastError
SetLastError
CompareStringW
FlushInstructionCache
GetVersionExA
LoadLibraryExA
lstrcpynA
OpenEventA
lstrlenA
IsBadReadPtr
GetOEMCP
GetStdHandle
SetHandleCount
GetFileType
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadWritePtr
FreeEnvironmentStringsA
VirtualFree
HeapCreate
VirtualAlloc
LCMapStringA
SetUnhandledExceptionFilter
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
TerminateProcess
ExitProcess
HeapSize
GetStartupInfoA
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
SystemTimeToFileTime
QueryPerformanceCounter
FindNextFileA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
VirtualProtect
VirtualQuery
SearchPathA
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetStringTypeA
GetStringTypeW
GetCPInfo
MultiByteToWideChar
GetACP
FlushFileBuffers
SetEndOfFile
CompareStringA
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
LocalFree
lstrcmpA
CreateThread
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
GetTickCount
lstrlenW
WideCharToMultiByte
lstrcpyA
GetCurrentThreadId

user32

GetWindowRect
BeginPaint
SetForegroundWindow
GetDlgItem
IsWindow
EndPaint
FillRect
IsDlgButtonChecked
ScreenToClient
GetWindowLongA
KillTimer
EndDialog
GetSysColor
LoadStringA
GetActiveWindow
DialogBoxParamA
EnableMenuItem
IsDialogMessageA
GetPropA
CreateDialogIndirectParamA
SetPropA
RemovePropA
SetWindowTextA
SetWindowRgn
ExitWindowsEx
RegisterClassExA
CallWindowProcA
GetClassInfoExA
InvalidateRect
DefWindowProcA
LoadCursorA
ClientToScreen
UpdateWindow
SetCursor
PostMessageA
PtInRect
DestroyCursor
CharNextA
CreateWindowExA
GetMessageA
wsprintfA
PostThreadMessageA
GetDesktopWindow
CharLowerA
GetDC
ReleaseDC
SetWindowLongA
CreateDialogParamA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
DispatchMessageA
DestroyWindow
GetWindow
EnableWindow
GetParent
MapWindowPoints
SystemParametersInfoA
GetClientRect
SendMessageA
SetWindowPos
LoadImageA
SetDlgItemTextA
SendDlgItemMessageA
ShowWindow
CharLowerBuffA

gdi32

CreateSolidBrush
CreateFontIndirectA
DeleteObject
RestoreDC
SetBkColor
SetTextColor
SetBkMode
TextOutA
SaveDC
GetDeviceCaps
SelectObject
CreateRectRgn
GetObjectA

advapi32

RegQueryInfoKeyA
RegQueryValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegEnumValueA
RegCloseKey
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoCreateGuid
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CLSIDFromProgID
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
CLSIDFromString
StringFromGUID2

oleaut32

VariantClear
VarUI4FromStr
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SafeArrayAccessData
SysAllocStringLen
VariantChangeType
VariantInit
SafeArrayCreateVector
SysFreeString
SysAllocString
SysStringLen
DispCallFunc
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SafeArrayUnaccessData

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d7143fe4a9983ebc4212f5966ec720

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 108KB - Virtual size: 105KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 108KB - Virtual size: 105KB