1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

1.8MB
MD5

1843aa016f37b88c3939ec3e44d144c2
SHA1

b0aa409c2b5effd6d63e7b33a0dbe21df54759a5
SHA256

8344294e866c93cbe687863772433b4f0e41f1a3f42d68042319a4e3bf19b0b5
SHA512

0867bfd56525a8f7418782e39b88501b8280be04b7c871b7dc786b866487d928b17fe534bd35040453db9e874a0f22388ee7ea54f7a30eb358672cdf0f6ce8a2
SSDEEP

12288:1+lBJwxIM+2BKNBM3Z4BZDmjFNR6KqYOJuC7btojNoEFMGR7waPT1Yzh6RqTGk:1+lBJwnKk3Z4P2TQgVFLwaP5Yz7TGk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.exe

Files

1.exe
.exe windows x86

aa772e3f4119e633813f678b2c7ec528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
GetDriveTypeA
WriteFile
SetFileTime
GetCurrentDirectoryA
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
SetFilePointer
GetVersionExA
GetModuleFileNameA
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GetCurrentProcess
Sleep
GetWindowsDirectoryA
FreeLibrary
lstrcatA
lstrlenA
WinExec
CreateFileA
UnmapViewOfFile
CloseHandle
FindFirstFileA
FindClose
DeleteFileA
FreeResource
GetLastError
SetLastError
GetModuleHandleA
LoadLibraryA
lstrcmpA
lstrcpyA
MulDiv
GetCurrentThreadId
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoA
SleepEx
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
LockResource
SizeofResource
GetStdHandle
GetTimeZoneInformation
IsDebuggerPresent
SetUnhandledExceptionFilter
LocalFree
LocalAlloc
GetSystemDirectoryA
MultiByteToWideChar
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleFileNameW
InterlockedDecrement
GlobalReAlloc
GetCurrentProcessId
WritePrivateProfileStringA
WaitForSingleObject
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetFullPathNameA
GetModuleHandleW
InterlockedIncrement
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
FileTimeToSystemTime
FlushFileBuffers
SetEndOfFile
FileTimeToLocalFileTime
SetErrorMode
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
ExitProcess
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
VirtualAlloc
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter

user32

EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetActiveWindow
GetDesktopWindow
EnableMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DestroyMenu
BeginPaint
EndPaint
ValidateRect
TranslateMessage
GetMessageA
PostQuitMessage
GetSysColorBrush
UnregisterClassA
RegisterClipboardFormatA
SendMessageA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
SetForegroundWindow
PostMessageA
CheckMenuItem
GetWindowThreadProcessId
FindWindowA
FindWindowExA
CopyIcon
IsWindow
GetMessagePos
MessageBeep
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UpdateWindow
SetPropA
GetPropA
RemovePropA
SystemParametersInfoA
IsWindowVisible
ModifyMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
FillRect
InvalidateRect
DispatchMessageA
CallNextHookEx
SetTimer
SetRectEmpty
GetDC
GetSystemMetrics
IsWindowEnabled
CallWindowProcA
GetCapture
WindowFromPoint
UnhookWindowsHookEx
KillTimer
ScreenToClient
GetTopWindow
GetFocus
GetWindow
SetWindowLongA
LoadBitmapA
DefWindowProcA
GetDlgItem
DestroyWindow
GetMessageTime
PeekMessageA
MapWindowPoints
SetWindowsHookExA
wsprintfA
GetCursorPos
GetKeyState
GetSysColor
ReleaseDC
ClientToScreen
GetClientRect
GetWindowRect
OffsetRect
InflateRect
PtInRect
CopyRect
LoadIconA
EnableWindow
LoadCursorA
SetCursor
GetClassNameA
SetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
SetWindowPos
IsIconic
GetWindowPlacement
GetMenuState
MessageBoxA
GetParent
GetWindowLongA

gdi32

CreateSolidBrush
Escape
RectVisible
PtVisible
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateFontIndirectA
CreateCompatibleDC
DeleteDC
GetObjectA
BitBlt
GetStockObject
CreatePen
MoveToEx
LineTo
DeleteObject
SetBkColor
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetTextColor
GetClipBox
GetDeviceCaps
TextOutA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateFontA
SelectObject
ExtTextOutA

advapi32

CryptAcquireContextA
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
CryptReleaseContext
CryptGenRandom
RegCloseKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptImportKey
CryptEncrypt

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathFindExtensionA

wldap32

ord143
ord50
ord26
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord211
ord22
ord60

ws2_32

send
recv
select
WSAIoctl
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
WSAGetLastError

crypt32

CertFreeCertificateContext

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa772e3f4119e633813f678b2c7ec528

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wldap32

ws2_32

crypt32

oleacc

winspool.drv

oleaut32

Sections

.text Size: 442KB - Virtual size: 441KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 10KB - Virtual size: 55KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 442KB - Virtual size: 441KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 10KB - Virtual size: 55KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB