AAA[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

AAA.exe
Size

153KB
MD5

11bba9b2333559b727caf22896092217
SHA1

11d3078e0898eca00abc976cc34da5b25d0cc5d7
SHA256

4297ad0f5bb72616337d88f14c07a6c6d6e0c93d2a9bb5eaa7e09219556aafdb
SHA512

1de464c6f74733475a080cc136c0041efe49cd3d2c4faed007b1175fb89f138a3b0156da8926d28c0c62b59f855a13d310fda374b078347970cf7a756b01b0b2
SSDEEP

3072:Ud6bnzbZZvufCrkR/K25KeqDYNdf4Z5x8M5+Kb4V9pDVor:Ud6vbZZG6rktKyTkCfQx8M5+E4VDs

Score

1^/10

Malware Config

Signatures

Files

AAA.exe
.exe windows x86

e914ee5933dcbf97ecfbcd451d87890d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
SetThreadPriorityBoost
OpenThread
FindNextVolumeW
FreeUserPhysicalPages
QueryActCtxW
GetModuleHandleExA
ExpungeConsoleCommandHistoryW
RtlUnwind
SwitchToFiber
GetCommConfig
RemoveDirectoryA
GlobalMemoryStatus
LZClose
CreateDirectoryExA
GetProcessIoCounters
RemoveLocalAlternateComputerNameA
GetConsoleOutputCP
GetTapePosition
GetVolumeInformationW
LockFileEx
GetSystemPowerStatus
GetProcessHeaps
TermsrvAppInstallMode
GetConsoleKeyboardLayoutNameW
AddRefActCtx
GlobalFlags
GetConsoleAliasW
WaitForMultipleObjectsEx
SetCalendarInfoA
GetOEMCP
AddLocalAlternateComputerNameW
GetSystemDefaultLangID
SetConsoleInputExeNameW
CancelDeviceWakeupRequest
WaitForSingleObjectEx
DeleteFiber
GetConsoleAliasExesW
HeapLock
DebugSetProcessKillOnExit
GetACP
SetVolumeMountPointA
LZRead
GlobalAlloc
UnhandledExceptionFilter
TlsGetValue
GetConsoleCursorMode
DuplicateConsoleHandle
Toolhelp32ReadProcessMemory
SetNamedPipeHandleState
GetLogicalDrives
GetTapeStatus
GlobalFix
GetCommandLineW
BaseCleanupAppcompatCacheSupport
InterlockedPushEntrySList
GetFileInformationByHandle
LZInit
VirtualAlloc
EnumSystemGeoID
FlushInstructionCache
SetEvent
ReleaseActCtx
SetProcessShutdownParameters
CreateJobObjectW
VirtualProtectEx
GetVolumePathNamesForVolumeNameA
GetWindowsDirectoryW
OpenJobObjectA
lstrcpynW
SetTimeZoneInformation
SetConsoleMaximumWindowSize
EnumLanguageGroupLocalesW
DeleteFileA
GetProfileStringA
GetFirmwareEnvironmentVariableW
lstrlenA
GetConsoleAliasesA
_lwrite
FindFirstChangeNotificationW
GetLocaleInfoW
QueryInformationJobObject
LoadLibraryA
LocalCompact
SetFilePointer
GetConsoleAliasesLengthA
FreeEnvironmentStringsW

ws2_32

WSALookupServiceEnd
WSARecvFrom
WSAInstallServiceClassA
WSAAsyncGetServByPort
WSACancelBlockingCall
WSALookupServiceBeginA
ntohl
closesocket
WSAWaitForMultipleEvents
WSCWriteProviderOrder
WSAGetLastError
WSARecv
WSCEnumProtocols
WSAProviderConfigChange
WSAGetServiceClassNameByClassIdA
WSASocketA
WSASetServiceA
WSANSPIoctl
getpeername
WSADuplicateSocketA
WSCGetProviderPath
getnameinfo
recvfrom
WSAConnect
getprotobyname
WSALookupServiceNextA
WSASendDisconnect
ioctlsocket
WSAAsyncGetHostByName
WSApSetPostRoutine
WSAStringToAddressA
WSAIoctl
setsockopt
freeaddrinfo

wldap32

ldap_parse_page_controlW
ldap_rename_extA
ldap_searchA
ldap_delete_sW
ldap_free_controlsA
ldap_sslinit
ldap_modrdn_sW
ldap_bind_s
ldap_set_optionA
ldap_parse_page_control
ldap_modrdnA
ldap_sasl_bindA
ldap_create_sort_controlW
ldap_search_ext
ldap_openA
ldap_count_values
ldap_ufn2dn
ldap_search_sW
ldap_get_next_page_s
ber_free
ldap_create_vlv_controlA
ldap_explode_dnW
ldap_first_attributeA
ldap_delete
ldap_simple_bind_sW
ldap_rename_ext
ldap_next_reference

opengl32

glRasterPos3f
glInitNames
glColor4s
wglSwapLayerBuffers
glDepthRange
glColor4bv
glMatrixMode
glColor4us
wglCreateLayerContext
glColor3uiv
glTexCoord2iv
glDepthFunc
glVertexPointer
glEvalCoord1f
glOrtho
glCullFace
glRotated
glVertex2i
glColor4usv
glTexCoord3iv
wglUseFontOutlinesA
glRectd
glStencilOp
glMap1d
glNewList
glTexCoord1dv
glColor3usv
glGetFloatv
glTexCoord2i
wglUseFontBitmapsA
glDebugEntry
glListBase
glVertex2f
glViewport
glRectfv
glFeedbackBuffer
glGetMapdv
wglChoosePixelFormat
glRasterPos4f
glColor4sv

wininet

FindFirstUrlCacheContainerW
InternetSetCookieExW
InternetCloseHandle
InternetSecurityProtocolToStringW
InternetTimeFromSystemTime
UrlZonesDetach
InternetCheckConnectionA
SetUrlCacheEntryGroupW
ForceNexusLookup
LoadUrlCacheContent
SetUrlCacheEntryInfoA
HttpOpenRequestA
InternetSetOptionExW
FtpDeleteFileA
InternetQueryOptionW
InternetWriteFileExW
FtpGetFileEx
InternetEnumPerSiteCookieDecisionA
RunOnceUrlCache
InternetConfirmZoneCrossingA
InternetAlgIdToStringA
HttpQueryInfoW
InternetCheckConnectionW
InternetInitializeAutoProxyDll
InternetSetDialStateW
IsHostInProxyBypassList
CommitUrlCacheEntryW
GetUrlCacheEntryInfoExW
FindFirstUrlCacheEntryW
InternetGetLastResponseInfoW
InternetGetCookieExA
RetrieveUrlCacheEntryStreamA
UnlockUrlCacheEntryFile
GopherCreateLocatorA
InternetCreateUrlA

dswave

DllGetClassObject

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e914ee5933dcbf97ecfbcd451d87890d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

wldap32

opengl32

wininet

dswave

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 19KB - Virtual size: 173KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 19KB - Virtual size: 173KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB