abyssws[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abyssws.exe
Size

1.0MB
MD5

5832c3d40a05d1a74d489fa96c69be74
SHA1

d1f01d554f2efe9d709415489a2598521f7b83ab
SHA256

1ad6870a45e3212318e6789b15354ca7932ad50acdc7ec77a2268bea6284e961
SHA512

911fa5a1ad24001ec8515e83c4e8e79cc8220f16b309067cb6f832d6a1e1cf88f19e372a0d694a8b023e998b4e18242c34094a88ff8733d109a9623da5bc6606
SSDEEP

24576:7uHQLB6gYfi6De7d2qxxNY/isqHc+joXW5GW:7uHQLB6jfLDe7RxNkiAWJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abyssws.exe

Files

abyssws.exe
.exe windows x64

133aa4c3510cc202cf74c5c418d1d7c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

zlib1

deflateInit2_
deflate
deflateEnd

kernel32

CreateEventA
SetLastError
GetVolumeInformationA
ExpandEnvironmentStringsA
OpenProcess
TerminateProcess
FreeConsole
AllocConsole
GetCommandLineA
__C_specific_handler
SetUnhandledExceptionFilter
GetFileAttributesA
GetLastError
LocalFree
lstrlenA
FormatMessageA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateFileA
GetLocalTime
GetProcAddress
LoadLibraryA
VirtualQuery
IsBadWritePtr
IsBadReadPtr
GetModuleHandleA
TerminateThread
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
WideCharToMultiByte
GetLogicalDrives
GetFullPathNameW
SetFilePointer
SetHandleInformation
FindFirstFileA
FindClose
FindFirstFileW
GetFileAttributesW
FindNextFileA
FindNextFileW
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentVariableW
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
SetFileTime
SystemTimeToFileTime
GetSystemTime
SetEndOfFile
MoveFileExA
MoveFileExW
CreateFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateProcessW
GetOverlappedResult
ResetEvent
WaitNamedPipeA
CreateNamedPipeA
WaitForMultipleObjects
GenerateConsoleCtrlEvent
PeekNamedPipe
LoadLibraryExA
LoadLibraryExW
FreeLibrary
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
ReleaseMutex
CreateMutexA
GetProcessTimes
GetCurrentProcessId
SetEvent
SetConsoleCtrlHandler
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
FlushFileBuffers
WriteFile
ReadFile
CloseHandle
Sleep
SetCurrentDirectoryA
GetCurrentProcess
SetProcessWorkingSetSize
lstrcpynA
GetModuleFileNameA
GetFullPathNameA
GetStartupInfoA

user32

DrawMenuBar
InsertMenuA
RemoveMenu
SetTimer
RegisterWindowMessageA
KillTimer
FlashWindow
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
FindWindowA
GetWindowTextA
LoadCursorA
SetCursor
MessageBoxA
GetWindowTextLengthA
GetMenuStringA
LoadStringA
LoadImageA
DestroyIcon
GetCursorPos
LoadMenuA
GetSubMenu
EnableMenuItem
SetMenuDefaultItem
TrackPopupMenu
PostMessageA
DestroyMenu
DialogBoxParamA
EndDialog
GetDlgItem
SetWindowTextA
ShowWindow
SetForegroundWindow
ModifyMenuA
GetMenu
SendMessageA
EnableWindow

advapi32

RegCreateKeyExA
GetUserNameW
ControlService
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegEnumValueA
RegEnumKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
SetServiceStatus
ChangeServiceConfigA
QueryServiceConfigA
CreateServiceA
DeleteService
RegCloseKey

shell32

ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoInitialize

msvcrt

time
_stricmp
strncpy
strcmp
isalpha
sscanf
isxdigit
toupper
strtod
abort
strncmp
rand
_vsnprintf
strncat
isdigit
_strnicmp
strtoul
strstr
strtol
realloc
_getcwd
strrchr
tolower
_snprintf
memmove
bsearch
memset
_beginthreadex
_endthreadex
isupper
srand
setlocale
qsort
memchr
isalnum
_wcsnicmp
wcsncmp
getenv
strftime
_errno
fputs
longjmp
_setjmp
memcmp
_XcptFilter
_c_exit
_exit
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
_onexit
strcat
memcpy
fprintf
strlen
isspace
_strdup
strcpy
free
atoi
sprintf
_mbsnbcpy
_mbsnbcat
puts
exit
malloc
_iob
fgets
strchr
printf
_mbsrchr

wsock32

ntohs
getsockname
inet_ntoa
listen
bind
htons
connect
recv
send
shutdown
setsockopt
closesocket
socket
ntohl
select
WSAGetLastError
__WSAFDIsSet
WSAStartup
WSACleanup
accept

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 621KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

133aa4c3510cc202cf74c5c418d1d7c4

Headers

DLL Characteristics

File Characteristics

Imports

zlib1

kernel32

user32

advapi32

shell32

ole32

msvcrt

wsock32

version

Sections

.text Size: 621KB - Virtual size: 620KB

.rdata Size: 306KB - Virtual size: 305KB

.data Size: 42KB - Virtual size: 51KB

.pdata Size: 46KB - Virtual size: 45KB

.rsrc Size: 30KB - Virtual size: 29KB

.text
Size: 621KB - Virtual size: 620KB

.rdata
Size: 306KB - Virtual size: 305KB

.data
Size: 42KB - Virtual size: 51KB

.pdata
Size: 46KB - Virtual size: 45KB

.rsrc
Size: 30KB - Virtual size: 29KB