new[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

new.exe
Size

1.1MB
MD5

0125dff6e7fe781a9974bb0a04fb68c0
SHA1

bc08be0ea07a5708735fa69fd0b9587e66cf15cc
SHA256

c6dd4d12651a2487db615be4077339cb114163bf4365c1074461566fadd00ffc
SHA512

ee55582f0f96087535860acd97a6fc7dd4840625415fcaeccd7af28d2a976738190cb22da4acbfafe9daefedc7b7095c9bf57111123adc37a0e3e428f7a6de50
SSDEEP

24576:oAeZfZfZfZfZfZfZx3Z2XsHUK8ni0U8SU2GU9ZiIHPcbHNOfL/vZapFqGgqRcpsO:9kRRRRRRxJ28P69U8r2GGiIvYtw3Zapi

Score

1^/10

Malware Config

Signatures

Files

new.exe
.exe windows x86

46ec036f108b9442762024102130efcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_UP_SYSTEM_ONLY

Imports

nddeapi

NDdeShareAddA
NDdeShareDelA
NDdeShareGetInfoA

kernel32

GetModuleFileNameA
lstrcmpiA
GetDateFormatW
GetModuleHandleW
GetProcAddress
CreateMailslotW
GetLogicalDriveStringsW
ReadConsoleW
WaitForSingleObject
InitializeCriticalSection
LoadLibraryA
GetConsoleAliasA
GetFileAttributesW
DeleteFileW
SearchPathA
GetACP
GetCommandLineA
CreateFileMappingA
SetErrorMode

advapi32

RegEnumKeyA
RegReplaceKeyW
RegUnLoadKeyA
OpenEventLogA
ClearEventLogW
RegLoadKeyA
LogonUserW
RegCreateKeyExW
InitializeAcl
CryptSignHashW
ControlService
RegDeleteValueA
RegOpenKeyA

shell32

FindExecutableW
SHGetFileInfoW
StrStrA
StrChrW
ShellAboutW
ExtractIconW
SHGetFolderPathA
DllRegisterServer
SHCreateShellItem
SHFree

user32

GetClassLongW
LoadBitmapW
CreateDesktopA
wsprintfA
PostMessageW
GetDlgItemTextW
IsDialogMessageA
DispatchMessageA
GetMessageA
LoadMenuA
LoadStringA
LoadIconW
DialogBoxParamA
CharToOemA
DrawStateA
InsertMenuW
GetPropW

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_MEM_READ

.edata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wixburn
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.giats
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bootdat
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46ec036f108b9442762024102130efcd

Headers

DLL Characteristics

File Characteristics

Imports

nddeapi

kernel32

advapi32

shell32

user32

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 29KB - Virtual size: 29KB

.rsrc Size: 553KB - Virtual size: 553KB

.edata Size: 30KB - Virtual size: 30KB

.wixburn Size: 31KB - Virtual size: 31KB

.giats Size: 20KB - Virtual size: 20KB

.bootdat Size: 188KB - Virtual size: 188KB

.crt Size: 101KB - Virtual size: 101KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 553KB - Virtual size: 553KB

.edata
Size: 30KB - Virtual size: 30KB

.wixburn
Size: 31KB - Virtual size: 31KB

.giats
Size: 20KB - Virtual size: 20KB

.bootdat
Size: 188KB - Virtual size: 188KB

.crt
Size: 101KB - Virtual size: 101KB