Benzene[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Benzene.exe
Size

55KB
MD5

d6e6e2fb2e45c7a2ca6585d86b39d2d0
SHA1

0f64d36122ea98d09b504041b5a511dc4a0b5275
SHA256

942f4aca0316e529d0b7c721b774f37738fb99d27fb4adc034d08cb31fd72924
SHA512

9493b05deed8e0bfdf590c60d7aa7894420b192fdfbd979d321aae9c9cc1d5104fa6125ae8139b12ba1e0c227727375fe046456733c20198f20508321d8adaa1
SSDEEP

768:VglgFHa1vlmz3ggcRLgHLT0ztbjZMJfdZjpYwOxF3iCX85:3F69lmzQ5uT0nMJDjKwOxFZ85

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Benzene.exe

Files

Benzene.exe
.exe windows x86

df9ca4ac10155cf7dab5ee825e77b6b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader
waveOutReset
waveOutOpen
waveOutWrite
waveOutPrepareHeader

kernel32

GetLogicalDriveStringsW
Sleep
GetLastError
lstrcatW
DeleteFileW
CloseHandle
LoadLibraryW
CreateThread
GetProcAddress
LocalFree
CreateProcessW
CopyFileW
lstrcpyW
CreateFileW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
CreateMutexW
WaitForSingleObject
TerminateThread
FreeLibrary
HeapFree
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
LocalAlloc
FindClose
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
WriteFile
GetCurrentProcess
UnhandledExceptionFilter
SetFileAttributesW
FindNextFileW
FindFirstFileW
ReadFile
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
lstrcmpW

user32

DispatchMessageW
GetMessageW
SetTimer
GetWindowRect
GetDC
EnumChildWindows
GetSystemMetrics
SetWindowTextW
TranslateMessage
DestroyCursor
GetCursorInfo
MoveWindow
EnumWindows
mouse_event
SetCursorPos
ReleaseDC
DrawIcon
EnumDisplayMonitors
ExitWindowsEx
MessageBoxW
RedrawWindow

gdi32

Ellipse
DeleteObject
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreatePen
StretchBlt

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
SetNamedSecurityInfoW
OpenProcessToken
FreeSid
SetEntriesInAclW

shell32

ShellExecuteW

vcruntime140

memset
wcsrchr
memcpy
_except_handler4_common

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscat_s

api-ms-win-crt-math-l1-1-0

_libm_sse2_log10_precise
_libm_sse2_exp_precise
_libm_sse2_pow_precise
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CItanh
_libm_sse2_atan_precise
_libm_sse2_log_precise
_libm_sse2_sqrt_precise
_CIsinh
_CIfmod
_CIcosh
_CIatan2
floor
roundf
expm1
cbrtf
scalbn
ldexp
hypot
_libm_sse2_sin_precise
__setusermatherr
_except1

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-runtime-l1-1-0

_initialize_wide_environment
_configure_wide_argv
_get_wide_winmain_command_line
_set_app_type
_seh_filter_exe
terminate
_controlfp_s
_initterm
_crt_atexit
_register_onexit_function
_initterm_e
exit
_initialize_onexit_table
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df9ca4ac10155cf7dab5ee825e77b6b4

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 17KB

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 17KB

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 2KB