proxy[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

proxy.exe
Size

153KB
MD5

eb327734a5a2d02309c57b033d30492b
SHA1

0ae2856b4e28fcd6faa49291c63add41aecf6fb9
SHA256

26deec6971accc4fee3a9dcf62c286facfa5d7bdb96abae173ef9e0e6eb117ec
SHA512

9f8ee83f97512257664e8775dde9bae3cbc33bb44231a0fe75766cd7efd5d220024ba535cc697e996274743ffbdcb0882000c583514bf273ebf4c01ba368dcc0
SSDEEP

1536:cgJAue4ayHt+fng9F1fO6T17JDqRpWbFqeSDDjDZOwiHT4Zndz3JIUz1f0xtY5En:cAAuaaNJDqDfTDZOwVd7S4YTVp62/Xf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
proxy.exe

Files

proxy.exe
.exe windows x86

c99ff789911e3218b26917789e0b9f48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectA
GetTextMetricsA
SelectObject
SetBkColor
SetTextColor

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
Shell_NotifyIconA

user32

BringWindowToTop
CharUpperA
CreateDialogIndirectParamA
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawIconEx
EnableWindow
EndDialog
FillRect
FindWindowA
GetClassNameA
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetIconInfo
GetMenuItemInfoA
GetMessageA
GetParent
GetSubMenu
GetSysColorBrush
GetWindowDC
GetWindowRect
GetWindowTextA
InsertMenuItemA
IsIconic
KillTimer
LoadCursorA
LoadIconA
LoadMenuA
MessageBoxA
PeekMessageA
PostQuitMessage
RegisterClassExA
RegisterHotKey
RegisterWindowMessageA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetForegroundWindow
SetMenuItemInfoA
SetRect
SetTimer
SetWindowPos
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
UnregisterClassA
UnregisterHotKey

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetWindowsDirectoryA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileExA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTitleA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

wsock32

WSACleanup
WSAStartup
gethostname
getservbyport
gethostbyname
gethostbyaddr
getpeername
getsockname
recv
send
ntohs
recvfrom
sendto
accept
listen
bind
connect
htons
shutdown
setsockopt
inet_ntoa
closesocket
socket
select
__WSAFDIsSet
WSAGetLastError

Sections

AUTO
Size: 102KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 29KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c99ff789911e3218b26917789e0b9f48

Headers

File Characteristics

Imports

ole32

advapi32

gdi32

shell32

user32

kernel32

comctl32

comdlg32

wsock32

Sections

AUTO Size: 102KB - Virtual size:

.idata Size: 5KB - Virtual size:

DGROUP Size: 29KB - Virtual size:

.bss Size: 6KB - Virtual size:

.reloc Size: 6KB - Virtual size:

.rsrc Size: 8KB - Virtual size:

AUTO
Size: 102KB - Virtual size:

.idata
Size: 5KB - Virtual size:

DGROUP
Size: 29KB - Virtual size:

.bss
Size: 6KB - Virtual size:

.reloc
Size: 6KB - Virtual size:

.rsrc
Size: 8KB - Virtual size: