a[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

a.exe
Size

557KB
MD5

21e9327a11f82e300c9d753b86df3a19
SHA1

6c4a1287a8ca9aafac2d75f208cc5a640fec58af
SHA256

c0409c6c6274d4fd3f514fc748e00e67974d3c97169d7e122a6096d80cd20d26
SHA512

f152667d4c19bf843dd32cfffa72aca59be139e0b3354c0b729832490d093625c0baffe9148b0aa0224f955ee9e9ef7eaea642d5b72e28497f44fa28fe0e03b7
SSDEEP

6144:gdaAsnWBKoFio3qCvuoOx6iaDHVE0T3iRgZC6NwF84xbZsLf3ohp6Tsd/a6/KKh:gknPoFiAiaBE0TUwNwFRmLf3orW6f

Score

1^/10

Malware Config

Signatures

Files

a.exe
.exe windows x64

51cb78b8057283ad6d2951fb894fb02a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
GetCurrentThreadId
PostQueuedCompletionStatus
CreateEventW
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
CancelIoEx
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
CreateFileW
WaitForMultipleObjects
SetFileAttributesW
Sleep
GetSystemInfo
ResetEvent
GetCurrentProcess
GetProcessId
OpenProcess
GetLogicalDriveStringsW
MultiByteToWideChar
WideCharToMultiByte
MoveFileW
WriteConsoleW
WriteFile
EnterCriticalSection
SetLastError
TlsSetValue
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
SetWaitableTimer
GetFileSizeEx
GetFileAttributesW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
RtlPcToFileHeader
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetCPInfo
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlUnwindEx
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
RtlUnwind

advapi32

CryptEncrypt
CryptAcquireContextW
CryptGenRandom

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit

ws2_32

WSAStartup
WSACleanup

crypt32

CryptDecodeObjectEx
CryptStringToBinaryA
CryptImportPublicKeyInfo

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

rstrtmgr

RmRegisterResources
RmEndSession
RmShutdown
RmStartSession
RmGetList

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51cb78b8057283ad6d2951fb894fb02a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

crypt32

wtsapi32

rstrtmgr

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 17KB - Virtual size: 23KB

.pdata Size: 19KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 17KB - Virtual size: 23KB

.pdata
Size: 19KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB