npc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

npc.exe
Size

1.7MB
MD5

e69238b4bf072b5deadd1d95ddd8ca06
SHA1

733cc2f89a0c0ac0ea7e9ec5393a734f117d57e4
SHA256

7553d9746e88e8d9b674563916801accc1d37a6b1347f5436a074f7872c6674c
SHA512

fb60bc2277a26680ab84ff3425f4d46f796981f8e699d857a0a9178dd696019e912b78944a007e9928a294eaa1351ab38d41f5e3e6f3a455b2392ce6f549b479
SSDEEP

49152:E2f9RBoLIumt4cFWmcTHd9LCZmlLbucK:E4umtn69IZOu

Score

1^/10

Malware Config

Signatures

Files

npc.exe
.exe windows x64

ddf6fe39defa9bafef1b48c8bd725a57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcceptSecurityContext
DecryptMessage
EncryptMessage
ApplyControlToken
DeleteSecurityContext
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
InitializeSecurityContextW
AcquireCredentialsHandleA
FreeCredentialsHandle
QueryContextAttributesW
LsaEnumerateLogonSessions

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualQueryEx
GetProcessIoCounters
GetSystemTimes
GetProcessTimes
ReadProcessMemory
DeviceIoControl
CloseHandle
WaitForMultipleObjects
GetOverlappedResult
GetLastError
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
FindFirstFileW
SwitchToThread
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
FindClose
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
LocalAlloc
CompareStringOrdinal
GetProcessId
GetComputerNameExW
GetCurrentProcessId
CreateFileW
OpenProcess
SetCurrentDirectoryW
MoveFileExW
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
CreateRemoteThreadEx
RemoveDirectoryW
DeleteFileW
CopyFileExW
SetThreadErrorMode
LoadLibraryExW
GetProcAddress
FreeLibrary
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ConnectNamedPipe
ReadFile
WriteFile
CancelIoEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetSystemInfo
CreateNamedPipeW
LocalFree
Sleep
GetModuleHandleA
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
SetHandleInformation
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
GetCurrentDirectoryW
GetCurrentProcess
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlCaptureContext
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
SetFilePointerEx
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FindNextFileW
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
WriteFileEx
CreateEventW
CancelIo
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW

pdh

PdhCloseQuery
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

iphlpapi

GetIfTable2
FreeMibTable
GetExtendedUdpTable
GetExtendedTcpTable

ntdll

NtCreateFile
NtQueryInformationProcess
NtQuerySystemInformation
RtlGetVersion
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum

advapi32

RegOpenKeyExW
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
RegCloseKey
LookupAccountSidW
GetTokenInformation
OpenProcessToken

ws2_32

WSAGetLastError
getsockname
closesocket
WSAStartup
WSASocketW
getpeername
getaddrinfo
setsockopt
bind
WSASend
shutdown
getsockopt
WSAIoctl
connect
freeaddrinfo
send
recv
WSACleanup
ioctlsocket

d3d11

D3D11CreateDevice

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

crypt32

CertGetCertificateChain
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateChain
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateChain

dxgi

CreateDXGIFactory1

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

powrprof

CallNtPowerInformation

oleaut32

SysFreeString
SysAllocString
VariantClear

psapi

GetModuleFileNameExA
GetModuleFileNameExW
GetPerformanceInfo

vcruntime140

__CxxFrameHandler3
memset
__current_exception
memmove
memcmp
__C_specific_handler
__current_exception_context
memcpy

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_initial_narrow_environment
exit
_exit
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_initterm_e
terminate
_crt_atexit
__p___argc
__p___argv
_register_onexit_function
_cexit
_c_exit
_initialize_onexit_table
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 661KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddf6fe39defa9bafef1b48c8bd725a57

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

pdh

iphlpapi

ntdll

netapi32

advapi32

ws2_32

d3d11

bcrypt

crypt32

dxgi

shell32

ole32

powrprof

oleaut32

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 661KB - Virtual size: 660KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 39KB - Virtual size: 39KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 661KB - Virtual size: 660KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 39KB - Virtual size: 39KB

.reloc
Size: 10KB - Virtual size: 9KB