WinD64[.]exe | Triage

General

Target

WinD64.exe
Size

90KB
MD5

b3e139bfd2e14bca0eb5deec2655c28a
SHA1

07b63316715597be493ae0c82a7e8f786d2133ec
SHA256

7105fd467a7965e32eef4c0a8ae113fb57f32d9334e83f2b1887d4eb65960a31
SHA512

da7d3213736c487668075e50b663d0a11d558d460c82e11a1ea7ea245d75424781ae621434335d90858f224e81f3e518b3079cc00ccea506f98b6a48035d8e7e
SSDEEP

1536:qR8FvBIJl0vSf49xnDoprFktlfQikHLO++Epq:qRwBIJgVqrFaCx19pq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WinD64.exe

Files

WinD64.exe
.exe windows x64

28914d53bcfab5f16746200ca6a381fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CloseServiceHandle
CreateServiceW
DeleteService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

kernel32

CloseHandle
CreateFileW
CreateMutexW
CreateRemoteThread
DeleteFileA
DeleteFileW
ExitProcess
FindResourceW
FreeLibrary
GetCommandLineW
GetConsoleScreenBufferInfo
GetCurrentProcess
GetExitCodeProcess
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
LoadLibraryA
LoadLibraryExW
LoadResource
LockResource
MoveFileExW
OpenProcess
ReadFile
ReleaseMutex
SizeofResource
VirtualAllocEx
VirtualQuery
WaitForSingleObject
WriteFile
WriteProcessMemory

msvcrt

__iob_func
_stricmp
fclose
fflush
fopen
fprintf
free
getchar
malloc
printf
puts
realloc

ntdll

NtClose
NtDeviceIoControlFile
NtLoadDriver
NtOpenFile
NtQueryInformationProcess
NtQuerySystemInformation
NtUnloadDriver
RtlAdjustPrivilege
RtlCreateRegistryKey
RtlInitUnicodeString
RtlWriteRegistryValue
_vsnwprintf
_wtoi
memcmp
tolower
toupper
wcscat
wcscpy
wcslen

user32

GetSystemMetrics

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28914d53bcfab5f16746200ca6a381fd

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 74KB - Virtual size: 73KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 74KB - Virtual size: 73KB