targetcompany | local[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

local.exe
Size

125KB
MD5

98c7f6b6ddf6a01adb25457e9a3c52b8
SHA1

8fe68e8675b53c801ed110e635e9a9e3d66c9d4d
SHA256

de4c8cc850c5b70212aded154ec4f2ec0836b340397b0b912a0f1434d141a5c6
SHA512

1393e9fcdf844f3c350b961e5bf2669c1739a09009746774cdbbabf6eee28f32d0782524fc57e0b7080eb57183ab38bc8bd83273dff02c67b9b4ba029fb7af67
SSDEEP

3072:BA1LW6KAqdcKNzXjQopiuL5dmTPFtkFeZ5NlGj:BSRKAccKNzNpxL5dWPLJhg

Score

10^/10

targetcompany

Malware Config

Signatures

TargetCompany payload 1 IoCs

resource	yara_rule
sample	family_targetcompany

Targetcompany family
targetcompany

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
local.exe

Files

local.exe
.exe windows x86

3bb9dab2c027dac451afc004583f98e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
WideCharToMultiByte
LoadLibraryW
Sleep
LeaveCriticalSection
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatA
lstrcmpW
MultiByteToWideChar
GetFileSizeEx
GetLastError
GetProcAddress
MoveFileW
EnterCriticalSection
FindClose
PostQueuedCompletionStatus
DeviceIoControl
GetSystemInfo
WaitForMultipleObjects
Process32NextW
lstrcmpiW
CreateIoCompletionPort
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
InitializeCriticalSection
GetDiskFreeSpaceExW
CloseHandle
GetWindowsDirectoryW
LocalFree
lstrcpyW
CreateThread
FindVolumeClose
SetEvent
TerminateThread
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetFileType
CreateEventW
QueryDosDeviceW
DuplicateHandle
FindFirstVolumeW
GetCurrentProcessId
WriteFile
GetCurrentThread
GetModuleHandleW
FindFirstFileExW
GetLogicalDrives
WaitForSingleObject
SetFilePointerEx
GetCurrentProcess
GetQueuedCompletionStatus
InterlockedIncrement
SetErrorMode
GetDriveTypeW
lstrlenA
GetComputerNameA
GetCommandLineW
ExitProcess
CreateFileA
GetStringTypeW
DeleteCriticalSection
lstrlenW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
IsValidCodePage
HeapFree
HeapAlloc
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP

advapi32

LsaClose
LsaFreeMemory
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
CryptGenRandom
OpenProcessToken
LookupPrivilegeValueW
SetNamedSecurityInfoW
CryptReleaseContext
LsaOpenPolicy
OpenThreadToken
LsaQueryInformationPolicy
CryptAcquireContextW

shell32

ShellExecuteW
CommandLineToArgvW

shlwapi

wvnsprintfW
StrStrIW
SHDeleteKeyW
StrCmpNIW
StrCmpNW
wnsprintfA
wnsprintfW

wininet

InternetOpenW
InternetQueryOptionW
InternetQueryDataAvailable
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetSetOptionW

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bb9dab2c027dac451afc004583f98e0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

wininet

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 8KB - Virtual size: 8KB