Sample
executable.1740.exe
Resource
win7-20230220-en
General
-
Target
executable.1740.exe
-
Size
767KB
-
MD5
2c3a55911d40c3ad753cfdaa96dafacf
-
SHA1
f901de9fa25a8cdd8d99c509e7c64861629f3383
-
SHA256
2de315f23b25f2802296b84cc8ff391a946f5eb981d7b4637806cbb8fd706648
-
SHA512
6d59027df08b9b4b69e05eb4c8da7262bdaf50d0f145581c504ce31a609379e78cf47a490b9a4c0b185002f7fe8e0cbe454e2af6e815b955f01e2510bfd77119
-
SSDEEP
12288:F4C6VSJAjfxfVjmubWYK0/3fcV2+HlQVGGMo3+AIc+gyEctg:T6oJAj59Bbs0/P0LGMoVTctg
Malware Config
(none listed on this page)
Signatures
(none listed on this page)
Files
-
executable.1740.exe.exe windows x86
Password: Oxtenho
6ad97afeb4722ffecf9eae2d11816cb1
Note: this MD5 (6ad97afe…) does not match the analyzed sample's MD5 (2c3a5591…) shown in the General section, so the file listed here is not byte-identical to the submitted sample; re-hash both before correlating them or reusing either hash as an indicator.
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Note: neither IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE nor IMAGE_DLLCHARACTERISTICS_NX_COMPAT is set, and IMAGE_FILE_RELOCS_STRIPPED is set under File Characteristics below, so the image does not opt in to ASLR or DEP and cannot be rebased by the loader — it is mapped at its preferred base address.
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
Note: the import table names the Cygwin runtime DLLs (cygwin1, cygcrypt-0, cygcrypto-1.0.0, cyggssapi_krb5-2, cygkrb5-3, cygz, cyggcc_s-1, cygssp-0), which are not part of a stock Windows image; the behavioral task can only have exercised the sample if those DLLs were present in the sandbox, otherwise it fails at load time. The combination of OpenSSL DH/ECDH/RSA/DSA/ECDSA key-exchange and signature calls, GSSAPI/Kerberos, openpty, login/logout/logwtmp, chroot, setpassent, getpeereid and cygwin_set_impersonation_token is consistent with a Cygwin-built OpenSSH-style server, but that is an inference from symbol names — confirm against embedded version strings before classifying the sample.
cygcrypt-0
crypt
cygcrypto-1.0.0
AES_encrypt
AES_set_encrypt_key
BIO_ctrl
BIO_free
BIO_new
BIO_s_mem
BIO_write
BN_CTX_free
BN_CTX_get
BN_CTX_new
BN_CTX_start
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_dup
BN_free
BN_hex2bn
BN_is_bit_set
BN_mask_bits
BN_new
BN_num_bits
BN_print_fp
BN_rand
BN_set_bit
BN_set_word
BN_sub
BN_value_one
CRYPTO_free
DH_compute_key
DH_free
DH_generate_key
DH_new
DH_size
DSA_SIG_free
DSA_SIG_new
DSA_do_sign
DSA_do_verify
DSA_free
DSA_generate_key
DSA_generate_parameters_ex
DSA_new
ECDH_compute_key
ECDSA_SIG_free
ECDSA_SIG_new
ECDSA_do_sign
ECDSA_do_verify
EC_GROUP_cmp
EC_GROUP_free
EC_GROUP_get_curve_name
EC_GROUP_get_degree
EC_GROUP_get_order
EC_GROUP_method_of
EC_GROUP_new_by_curve_name
EC_GROUP_set_asn1_flag
EC_KEY_free
EC_KEY_generate_key
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_get0_public_key
EC_KEY_new_by_curve_name
EC_KEY_set_asn1_flag
EC_KEY_set_group
EC_KEY_set_private_key
EC_KEY_set_public_key
EC_METHOD_get_field_type
EC_POINT_clear_free
EC_POINT_cmp
EC_POINT_free
EC_POINT_get_affine_coordinates_GFp
EC_POINT_is_at_infinity
EC_POINT_mul
EC_POINT_new
EC_POINT_oct2point
EC_POINT_point2oct
EVP_CIPHER_CTX_cleanup
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_get_app_data
EVP_CIPHER_CTX_init
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_set_app_data
EVP_CIPHER_CTX_set_key_length
EVP_Cipher
EVP_CipherInit
EVP_Digest
EVP_DigestFinal_ex
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_MD_CTX_cleanup
EVP_MD_CTX_copy_ex
EVP_MD_CTX_init
EVP_MD_CTX_md
EVP_MD_block_size
EVP_PKEY_free
EVP_PKEY_get1_DSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_RSA
EVP_aes_128_cbc
EVP_aes_128_ctr
EVP_aes_128_gcm
EVP_aes_192_cbc
EVP_aes_192_ctr
EVP_aes_256_cbc
EVP_aes_256_ctr
EVP_aes_256_gcm
EVP_bf_cbc
EVP_cast5_cbc
EVP_des_cbc
EVP_des_ede3_cbc
EVP_enc_null
EVP_md5
EVP_rc4
EVP_ripemd160
EVP_sha1
EVP_sha256
EVP_sha384
EVP_sha512
OPENSSL_add_all_algorithms_noconf
PEM_read_bio_PrivateKey
PEM_write_bio_DSAPrivateKey
PEM_write_bio_ECPrivateKey
PEM_write_bio_RSAPrivateKey
RAND_seed
RAND_status
RSA_blinding_on
RSA_free
RSA_generate_key_ex
RSA_new
RSA_private_decrypt
RSA_public_decrypt
RSA_public_encrypt
RSA_sign
RSA_size
SSLeay
SSLeay_version
cygwin1
__b64_ntop
__b64_pton
__ctype_ptr__
__cxa_atexit
__errno
__getreent
__main
__progname
_chown32
_dll_crt0@0
_exit
_fchown32
_fcntl64
_fdopen64
_fopen64
_fstat64
_ftruncate64
_getegid32
_geteuid32
_getgid32
_getgrgid32
_getgrnam32
_getgroups32
_getpwuid32
_getuid32
_impure_ptr
_initgroups32
_lseek64
_lstat64
_mmap64
_open64
_setegid32
_seteuid32
_setgid32
_setgroups32
_setmode
_setregid32
_setreuid32
_stat64
_truncate64
accept
alarm
arc4random
arc4random_buf
arc4random_stir
arc4random_uniform
asprintf
atoi
bind
bzero
calloc
cfsetispeed
cfsetospeed
chdir
chmod
chroot
clock_gettime
close
closedir
closelog
connect
ctime
cygwin_detach_dll
cygwin_internal
cygwin_logon_user
cygwin_set_impersonation_token
daemon
dirfd
dirname
dll_dllcrt0
dup
dup2
endgrent
endpwent
execl
execv
execve
exit
fchmod
fclose
fflush
fgetc
fgets
fileno
fork
fprintf
fputc
fputs
free
freeaddrinfo
fstatvfs
fsync
futimes
fwrite
gai_strerror
getaddrinfo
getcwd
getenv
getgrouplist
gethostname
getnameinfo
getopt
getpeereid
getpeername
getpgid
getpid
getprotobyname
getpwnam
getsockname
getsockopt
gettimeofday
index
inet_ntoa
inet_ntop
ioctl
isatty
kill
link
listen
localtime
login
logout
logwtmp
malloc
memchr
memcmp
memcpy
memmove
memset
mkdir
munmap
nanosleep
opendir
openlog
openpty
optarg
optind
optreset
pathconf
pclose
perror
pipe
poll
popen
posix_memalign
printf
putchar
puts
raise
read
readdir
readlink
readv
realloc
realpath
recvmsg
rename
rewind
rmdir
select
sendmsg
setenv
setpassent
setrlimit
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
sigprocmask
snprintf
socket
socketpair
sscanf
statvfs
strcasecmp
strchr
strcmp
strcspn
strdup
strerror
strftime
strlcat
strlcpy
strlen
strncasecmp
strncmp
strncpy
strpbrk
strrchr
strsep
strspn
strtok
strtol
strtoll
strtoul
symlink
sysconf
syslog
tcgetattr
tcsendbreak
tcsetattr
time
tolower
ttyname
umask
unlink
unsetenv
usleep
utimes
vasprintf
vsnprintf
waitpid
write
cyggssapi_krb5-2
GSS_C_NT_HOSTBASED_SERVICE
gss_accept_sec_context
gss_acquire_cred
gss_add_oid_set_member
gss_create_empty_oid_set
gss_delete_sec_context
gss_display_name
gss_display_status
gss_export_name
gss_get_mic
gss_import_name
gss_indicate_mechs
gss_init_sec_context
gss_krb5_copy_ccache
gss_release_buffer
gss_release_cred
gss_release_name
gss_release_oid_set
gss_test_oid_set_member
gss_verify_mic
cygkrb5-3
krb5_cc_close
krb5_cc_destroy
krb5_cc_get_name
krb5_cc_initialize
krb5_cc_resolve
krb5_cc_store_cred
krb5_free_context
krb5_free_error_message
krb5_free_principal
krb5_get_error_message
krb5_get_init_creds_password
krb5_init_context
krb5_kuserok
krb5_parse_name
krb5_sname_to_principal
krb5_verify_init_creds
cygz
deflate
deflateEnd
deflateInit_
inflate
inflateEnd
inflateInit_
cyggcc_s-1
__addvdi3
__addvsi3
__divdi3
__moddi3
__mulvdi3
__mulvsi3
__negvsi2
__subvdi3
__subvsi3
__udivdi3
__umoddi3
cygssp-0
__stack_chk_fail
__stack_chk_guard
kernel32
GetModuleHandleA
GetModuleHandleW
GetProcAddress
Sections
Note: only .text carries IMAGE_SCN_MEM_EXECUTE and it is not writable, so no section is mapped writable-and-executable; .data, .bss, .idata and .rsrc are writable but not executable.
.text Size: 458KB - Virtual size: 457KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 228KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 512B - Virtual size: 53B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/14 Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 22KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/24 Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ