2[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

2.exe
Size

4.6MB
MD5

5658b3a6cf75308ef3dc3842ef7ed50f
SHA1

a8f1afde717f641b07dadaceb7533437de948b12
SHA256

e669735ce3ff936d3c25f16b7b635eb87d8df589fd8d29624fa9c0d75832b945
SHA512

396fec99da1addc25f708410e70b918bc94959a335364f552953454efdf330954efdf404dc186cd012cfa4e7913686145dacdfb6fdb98e3f1ea935164efba753
SSDEEP

49152:xGtlqDfIU6ivVwASOwFBin5sefu8IIIi5TaxekrdRXHZgvkY9WUZ4qbYPN7QJFQk:Y+YFBi3m4WpT+kgWU2QJF7KCgOXCST

Score

1^/10

Malware Config

Signatures

Files

2.exe
.exe windows x64

1290d333596693105906a9b219d52c40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
PFXImportCertStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CryptDecodeObjectEx
CryptStringToBinaryA
CertFindExtension
CertGetCertificateContextProperty

kernel32

QueryPerformanceCounter
Sleep
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
CompareFileTime
GetSystemTimeAsFileTime
GetStdHandle
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetHandleInformation
GetOverlappedResult
CancelIo
CreateEventA
WaitNamedPipeA
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
FormatMessageA
GetStringTypeW
EncodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTickCount
CloseHandle
WriteFile
SetFilePointerEx
ReadFile
GetFileTime
GetFileType
GetFileSizeEx
MoveFileExW
DeleteFileW
CreateFileW
LoadLibraryA
FormatMessageW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
RtlUnwind
FlsAlloc
GetConsoleOutputCP
GetModuleFileNameW
ExitProcess
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
GetSystemTime
FindFirstFileW
ConvertThreadToFiberEx
SetFileAttributesW
LocalFree
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
WideCharToMultiByte
GetTempPathW
GetProcAddress
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlVirtualUnwind
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
GetModuleHandleW
GetACP
GetCurrentProcessId
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
FindWindowA
SendMessageA

advapi32

CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptAcquireContextW
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
GetSecurityInfo
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptSetHashParam
CryptEnumProvidersW

bcrypt

BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptDeriveKeyPBKDF2
BCryptGenRandom
BCryptFinishHash
BCryptDestroyHash

ws2_32

sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ioctlsocket
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
gethostname
gethostbyname
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
shutdown
ntohs
closesocket

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1290d333596693105906a9b219d52c40

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

bcrypt

ws2_32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 35KB - Virtual size: 51KB

.pdata Size: 157KB - Virtual size: 157KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 35KB - Virtual size: 51KB

.pdata
Size: 157KB - Virtual size: 157KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 44KB - Virtual size: 44KB