abstra[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

abstra.exe
Size

4.5MB
MD5

166672e8618270898071c586e4eccd74
SHA1

b77304960f1836f5e98eadfdd2576d8a21361ead
SHA256

27196aea5ba344d4e9d9b749c095735671f26dc5fabb5d63170a6888a0e34d6c
SHA512

ff8d5638d12df87de39803c9ca6b4c5bae942966755b9c0c57e98d296146398312c1b1109457967f8402be6c32e2b9ab9b9f6cbfd84080dc70569d5b15ff4ba4
SSDEEP

49152:RHmzNJHkCHCmCZkvcPnCF907fX8oWn4RSvC+VwwL/lZV4PRinE2ZN2HMJNb1BF:RQa1Ry4RSLJjYsJNb1BF

Score

1^/10

Malware Config

Signatures

Files

abstra.exe
.exe windows x64

77d540036b02f5802a41db8e1b006a19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCreateFile
NtDeviceIoControlFile
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtCancelIoFileEx

kernel32

SetLastError
InitializeSRWLock
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitOnceExecuteOnce
GetTickCount64
GetModuleHandleW
GetProcAddress
SetFileCompletionNotificationModes
PostQueuedCompletionStatus
SetHandleInformation
GetCurrentProcessId
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetSystemInfo
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitializeSListHead
GetHandleInformation
EnterCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
GetProcessHeap
HeapFree
SetConsoleMode
HeapAlloc
GetConsoleMode
FormatMessageW
LoadLibraryA
FreeLibrary
WaitForSingleObject
CreateFileW
AcquireSRWLockShared
WriteConsoleW
ReleaseMutex
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
ReleaseSRWLockShared
AcquireSRWLockExclusive
SwitchToThread
GetCurrentProcess
GetCurrentDirectoryW
GetEnvironmentVariableW
ReleaseSRWLockExclusive
CloseHandle
SetFilePointerEx
GetStdHandle
TerminateProcess
QueryPerformanceCounter
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
GetSystemTimeAsFileTime
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
GetFileInformationByHandle
DeviceIoControl
GetFinalPathNameByHandleW
GetFullPathNameW
CreateThread
TlsGetValue
TlsSetValue
GetModuleHandleA
IsProcessorFeaturePresent

ws2_32

recv
shutdown
WSASocketW
getsockname
getpeername
WSAStartup
connect
WSASend
getsockopt
bind
WSAGetLastError
WSAIoctl
ioctlsocket
setsockopt
WSACleanup
getaddrinfo
send
closesocket
freeaddrinfo

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

secur32

EncryptMessage
DecryptMessage
AcceptSecurityContext
InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
ApplyControlToken
QueryContextAttributesW
AcquireCredentialsHandleA

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateStore
CertCloseStore
CertOpenStore
CertGetCertificateChain

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

shell32

SHCreateItemFromParsingName

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__CxxFrameHandler3
memcpy
__current_exception
memcmp
memset
memmove
__current_exception_context
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_seh_filter_exe
terminate
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
abort
_errno
_wassert
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_set_app_type
_exit

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77d540036b02f5802a41db8e1b006a19

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

ws2_32

advapi32

secur32

crypt32

ole32

shell32

oleaut32

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 12KB - Virtual size: 15KB

.pdata Size: 160KB - Virtual size: 159KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 12KB - Virtual size: 15KB

.pdata
Size: 160KB - Virtual size: 159KB

.reloc
Size: 33KB - Virtual size: 33KB