Replace[.]exe | Triage

Target

Replace.exe
Size

34.8MB
MD5

fd5cd14325c51ecab6a57d1d665f8852
SHA1

ea16aa0f197210437733c63a42a8f1dd6442d753
SHA256

d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1
SHA512

9a2e4c8baa01fbafe6968905daeb8d3b7eb62c09d1d7584e973ad1c23d964093e161a51a7390dfaa598d2657f45ca17bf00b5055aeaf0441f875ddb364741d71
SSDEEP

786432:i9hj60qHOBbQcVM3sct6C2ubdsUeGXV4yQnb+LQgRkrm12PYfrB:i9kH+o5sG2ysbhrmka

Score

1^/10

Malware Config

Signatures

Files

Replace.exe
.exe windows x86

bca9d407c1135efbdfa23b18bb82c966

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
DestroyWindow
PostMessageA
EndDialog
SetTimer
SendMessageA
LoadIconA
KillTimer
DialogBoxParamA
ShowWindow
SetWindowLongA
GetWindowLongA
GetDlgItem
DialogBoxParamW
SetWindowTextW
SetWindowTextA
MessageBoxW
CharUpperA

shell32

ShellExecuteExA

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

kernel32

FindNextFileA
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
GetProcessHeap
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
LCMapStringW
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
AreFileApisANSI
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
FormatMessageW
LocalFree
FormatMessageA
ReadFile
SetLastError
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
CreateFileW
CreateFileA
CloseHandle
GetFileSize
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
GetCurrentThreadId
GetSystemDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesW
GetTempPathA
DeleteFileA
DeleteFileW
SetFileAttributesA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcAddress
RemoveDirectoryA
GetCurrentProcessId
GetModuleHandleW
CreateDirectoryA
GetTickCount
FindFirstFileW
FindFirstFileA
FindNextFileW
DecodePointer
FindClose
GetFileAttributesW
GetModuleHandleA
GetFileInformationByHandle
GetFileAttributesA
lstrlenW
lstrcatW
GetVersionExA
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
SetEvent
ResetEvent
CreateSemaphoreA
CreateEventA
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
Sleep
DeleteCriticalSection
GetCurrentProcess
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatus
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetCommandLineW
CreateThread
CreateProcessW
GetTempFileNameW
CreateProcessA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bca9d407c1135efbdfa23b18bb82c966

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

oleaut32

kernel32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 9KB - Virtual size: 9KB