pastetw[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pastetw.exe
Size

2.1MB
MD5

a1a020268bceaace4bd1e1ed8a2bbd41
SHA1

ca46f01912547de52a4d20dfd29df493e675b91d
SHA256

cb976d51d7fddda92ce979c6b654dce8811dc546fc75b1104815ff5ab0b4a74c
SHA512

51731d770f525e853e5f4a48fb5a28d7c2dfbe1b7b830d0a48e3e259184c784b2f0936ef7a1cc384fa916dc13ad19af721397ea0c2b0582d4e2005e3a86bcd38
SSDEEP

49152:GTO2FA0SH3tDH5hK3jakjau4PvgoVQpyHCREl:GTOGA0SH3ZHXK3jakjaTvIZ

Score

1^/10

Malware Config

Signatures

Files

pastetw.exe
.exe windows x86

58942e0d24eaa13519dcdecf1bd99db9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

kernel32

GlobalUnlock
GlobalAlloc
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
ExitProcess
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
OpenProcess
VirtualAllocEx
GetProcAddress
LoadLibraryA
WriteProcessMemory
CreateRemoteThread
Sleep
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WideCharToMultiByte
GetACP
IsValidCodePage
HeapReAlloc
FlushFileBuffers
LCMapStringW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
GlobalLock
MultiByteToWideChar
SetStdHandle
HeapSize
SetEndOfFile
GetOEMCP
LeaveCriticalSection
FormatMessageA
WaitForSingleObjectEx
GetCurrentThreadId
LocalFree
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
EncodePointer
DecodePointer
EnterCriticalSection
WriteConsoleW
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW

user32

DispatchMessageA
TranslateMessage
PeekMessageA
UnregisterClassA
DestroyWindow
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostQuitMessage
SetWindowPos
GetWindowRect
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
TrackMouseEvent
OpenClipboard
ScreenToClient
GetCursorPos
SetCursorPos
ClientToScreen
GetForegroundWindow
GetKeyState
LoadCursorA
SetCursor
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
GetClientRect

advapi32

RegGetValueA

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58942e0d24eaa13519dcdecf1bd99db9

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

d3dx9_43

kernel32

user32

advapi32

imm32

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 128KB - Virtual size: 127KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 11KB - Virtual size: 10KB