k3265[.]exe | Triage

Resubmissions

14/05/2023, 05:49

230514-gh2stsdb7y 10

13/05/2023, 22:53

230513-2t11wshf98 10

Sharing

Copy URL Twitter E-mail

General

Target

k3265.exe
Size

384KB
MD5

16bc9a47111e437a3aefa392b221162b
SHA1

c4a6fd77b8950973201d03e9c0c54a7163d115a3
SHA256

921f7e253498c76694e9e8a7cde9552ef163f1292692781e23a272c7ad0bbb92
SHA512

a395a940012f79960a9fa84c734652f3d52fa153b7938d4974c1f41aadab40c18dc6c4a586e530b650bcd58be2e5371445b8a58e34d01a964c9c77ddf0ed611f
SSDEEP

6144:2cUHt3SGN+ZxLnrmhMWJm2FhpLzFs6OtPxA2i84u57Ftxb/:tUHtCzZxLnrmDJpjsbt5A2lhXxb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
k3265.exe

Files

k3265.exe
.exe windows x86

5506401630e0d09bf80ea41184ddc31f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrInterfacePointerMarshall
RpcEpUnregister
RpcBindingToStringBindingW
RpcServerUseProtseqExW
RpcBindingReset
IUnknown_Release_Proxy

user32

BroadcastSystemMessageA
IsCharAlphaNumericA
EndDeferWindowPos
GetKeyState
ShowWindow
SetCursorPos
DrawIcon
SetPropW
DeregisterShellHookWindow
ExitWindowsEx
IsChild

kernel32

GetModuleFileNameW
ReleaseActCtx
LoadLibraryW
MulDiv
IsWow64Process
GetVersion
FreeEnvironmentStringsW
BuildCommDCBAndTimeoutsA
ReplaceFileW
QueueUserAPC
FileTimeToDosDateTime
CallNamedPipeW
GetLocalTime
SetConsoleCursorPosition
DisableThreadLibraryCalls
GetProcessVersion
LoadLibraryExW
FindActCtxSectionGuid
GetModuleHandleA
LoadLibraryA
GetProcAddress
FillConsoleOutputCharacterA
GetModuleHandleW
GetBinaryTypeW

gdi32

RoundRect
GetRegionData
ResizePalette
StartPage
GetStockObject
GetLayout
GetTextColor
GetRandomRgn
GetSystemPaletteEntries
GetTextMetricsW

shlwapi

PathFindFileNameW
GetMenuPosFromID
AssocQueryStringByKeyW
PathAddBackslashA
StrRetToBufW
StrCmpNIW
PathCanonicalizeW

rasapi32

RasGetEapUserIdentityW

comctl32

ImageList_Create

msvcrt

putc

netapi32

NetQueryDisplayInformation

advapi32

CryptDestroyHash
RegCreateKeyA
ChangeServiceConfigW

winmm

mixerGetControlDetailsW
midiOutGetDevCapsA

setupapi

SetupDuplicateDiskSpaceListW
SetupSetDirectoryIdExW
SetupOpenInfFileW
SetupDiGetDeviceInstallParamsW
SetupPrepareQueueForRestoreW
SetupDiDrawMiniIcon

crypt32

CertOpenSystemStoreW
CertRegisterPhysicalStore
CertSetCertificateContextProperty
CertCompareCertificateName

oleaut32

VarDateFromCy
BSTR_UserSize
LoadRegTypeLi
VarI2FromCy
VarBstrFromUI4
SafeArrayGetLBound

winspool.drv

DeleteFormW
GetPrinterDriverDirectoryW
FindNextPrinterChangeNotification

pdh

PdhParseCounterPathW

ole32

OleUninitialize

ws2_32

select

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5506401630e0d09bf80ea41184ddc31f

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

user32

kernel32

gdi32

shlwapi

rasapi32

comctl32

msvcrt

netapi32

advapi32

winmm

setupapi

crypt32

oleaut32

winspool.drv

pdh

ole32

ws2_32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 264KB - Virtual size: 262KB

.data Size: 20KB - Virtual size: 34KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 264KB - Virtual size: 262KB

.data
Size: 20KB - Virtual size: 34KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB