sample[.]exe | Triage

Resubmissions

28-03-2023 04:55

230328-fkgp1aag9x 1

28-03-2023 04:52

230328-fhtxjsag81 1

Sharing

Copy URL

Twitter E-mail

General

Target

sample.exe
Size

345KB
MD5

1e706b1e8d3bd3764e3ee4bf5fe509d8
SHA1

ba457bfcdc1b66609f142c3578be647c51d1356d
SHA256

29f0dbf2d07c4b68c3c9ee0d139d80bad3e9058fbf9dbd574cb5b047cf742e74
SHA512

f1b6eb345e3114e68a8b78cb711717b60b4604e6ff7578c2df3861187946b05b77259243e5b04c4b7e4a16dd6b1045a94f99cbeb46e5eac9e8c43c82d9e9d924
SSDEEP

6144:wcmeAN+Afg0gU8KISEvRHfsEGgHR4H94raeG8EvrDk2NdLQ:5m9+AfgsfEvRHfsE/wX7s2NdLQ

Score

1^/10

Malware Config

Signatures

Files

sample.exe
.exe windows x64

0d071b0abcb701eeaf92d098a8709258

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathUnquoteSpacesW
PathQuoteSpacesW
PathFindExtensionW

kernel32

GetSystemTime
MoveFileW
Sleep
CopyFileW
FileTimeToSystemTime
CompareFileTime
SystemTimeToFileTime
GetFileInformationByHandle
ReadFile
FlushFileBuffers
SetHandleInformation
CreatePipe
DuplicateHandle
GetCommandLineW
TlsAlloc
GetModuleFileNameW
GetProcessTimes
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GenerateConsoleCtrlEvent
SetConsoleCtrlHandler
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
DeleteCriticalSection
UnregisterWait
SetWaitableTimer
ResumeThread
SetProcessAffinityMask
RegisterWaitForSingleObject
CreateWaitableTimerW
CreateFileW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapReAlloc
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
SetStdHandle
FlsSetValue
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
RtlUnwindEx
FlsAlloc
SetEndOfFile
SetFilePointer
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetExitCodeThread
WaitForSingleObject
GetSystemTimeAsFileTime
CloseHandle
GetExitCodeProcess
GetCurrentProcess
GetProcessAffinityMask
GetEnvironmentVariableW
FindResourceExW
LoadResource
GetModuleHandleW
LocalFree
TlsGetValue
LocalAlloc
TlsSetValue
GetUserDefaultLangID
FormatMessageW
CreateProcessW
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
AllocConsole
SetConsoleTitleW
GetStdHandle
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
GetConsoleWindow
GetCurrentProcessId
FreeConsole
GetProcessHeap
HeapAlloc
GetComputerNameW
HeapFree
GetLastError
FlsFree
SetLastError
GetCurrentThreadId
InitializeCriticalSection
FlsGetValue
DecodePointer
MultiByteToWideChar
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer

user32

EnumWindows
PostThreadMessageW
PostMessageW
GetSystemMetrics
SetWindowLongPtrW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
GetWindowLongPtrW
SetFocus
ShowWindow
CheckRadioButton
SetWindowPos
SetDlgItemInt
SendMessageW
GetDlgItemTextW
SetDlgItemTextW
GetDlgItem
EnableWindow
GetDlgItemInt
SendDlgItemMessageW
GetWindowRect
GetDesktopWindow
MoveWindow
CreateDialogIndirectParamW
MessageBoxW
MessageBoxIndirectW
GetSystemMenu
EnableMenuItem
GetWindowThreadProcessId
LoadImageW

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
StartServiceW
ControlService
SetServiceStatus
DeleteService
QueryServiceConfig2W
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
GetServiceKeyNameW
EnumServicesStatusW
OpenSCManagerW
QueryServiceStatus
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetServiceDisplayNameW
CloseServiceHandle
LsaEnumerateAccountRights
LsaAddAccountRights
FreeSid
LsaLookupSids
LsaClose
LsaLookupNames
LsaFreeMemory
IsValidSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaOpenPolicy
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteExW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0d071b0abcb701eeaf92d098a8709258

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

comdlg32

advapi32

shell32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 144KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 158KB - Virtual size: 158KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 144KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 158KB - Virtual size: 158KB