file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

6.0MB
MD5

65c2ae916c616382ed8d8df33aa50bbc
SHA1

49f5eea89fd1ee523dd6d5c1efb3b1bddee48764
SHA256

3ed4997b7fc422a343672e1159ca3b4c96b318a63e5ee85dcd7ce1ae9ce7bcd1
SHA512

8f161f9ba84e61e617051ff2ae132683aa284f9675fcdfaefbc6b6b478d3ee75bbf3446541e59c58e8b1b5e6ebbd5b601398a8182d482ba94b8e89d808321a3d
SSDEEP

49152:lKgfSN6T+QgwZ20UEkoICscDrCq/olbBRNSHX83xs9wfETs7128vkVdDUj6zNs5k:hwZ2sqVRbNsCaSenC+nz1a

Score

1^/10

Malware Config

Signatures

Files

file.exe
.exe windows x64

90930df37dc3798c0e5f7020bf134bc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

FreeCredentialsHandle
ApplyControlToken
AcquireCredentialsHandleA
DeleteSecurityContext
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
EncryptMessage
QueryContextAttributesW

kernel32

IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateThread
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetProcAddress
Sleep
GetModuleHandleA
RtlVirtualUnwind
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
SleepConditionVariableSRW
GetSystemInfo
SetHandleInformation
GetCurrentProcessId
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
DuplicateHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
WriteConsoleW
GetCurrentThreadId

advapi32

GetUserNameW
SystemFunction036
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ws2_32

getaddrinfo
getpeername
WSACleanup
WSAStartup
WSAGetLastError
WSAIoctl
setsockopt
WSASend
send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
closesocket
getsockname
freeaddrinfo

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateStore

ntdll

NtDeviceIoControlFile
NtCancelIoFileEx
NtCreateFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

vcruntime140

memmove
memset
memcmp
memcpy
__current_exception_context
_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception

api-ms-win-crt-runtime-l1-1-0

exit
_configure_narrow_argv
_initialize_narrow_environment
_initterm
__p___argv
_cexit
_get_initial_narrow_environment
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_initterm_e
__p___argc
_exit
_c_exit
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90930df37dc3798c0e5f7020bf134bc9

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ws2_32

crypt32

ntdll

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 12KB - Virtual size: 14KB

.pdata Size: 201KB - Virtual size: 201KB

.rsrc Size: 1024B - Virtual size: 520B

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 12KB - Virtual size: 14KB

.pdata
Size: 201KB - Virtual size: 201KB

.rsrc
Size: 1024B - Virtual size: 520B

.reloc
Size: 35KB - Virtual size: 35KB