Static task
static1
General
-
Target
SPIDERHECK.exe
-
Size
1.5MB
-
MD5
76c04915664046b1ecb0154ff0ae04ab
-
SHA1
65637c5f23772c3b4b963586e323d33519e125d3
-
SHA256
9004870d0c9bd3b7d1ad8ce7f01931682c11760a9e932f6b889bf811fc83dd4a
-
SHA512
c707ab84cf64fa0f0f188925104ed271c3ee4f6739c49bf0494c8a24f4f04e3ccee662b8aa07db25f7b8edfaea4259469790d40d763fe4027d26f146302483e9
-
SSDEEP
24576:OPQWLMG6Ifjp+X3n+v5xl88tFF/fbPEMnN0UVZv8zpkQs0aIwTCU:0QWLMG6059nN0UVZEtkQsXrT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
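Flags a PE file that has no Authenticode signature, so its publisher and integrity cannot be verified from an embedded signature; on its own this is a weak signal.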
resource SPIDERHECK.exe
Files
-
SPIDERHECK.exe.exe windows x86
1c7169c77221c4ee6b8b2e8d4e4aad5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
send
recv
listen
WSAGetLastError
bind
connect
ntohl
gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
closesocket
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
kernel32
FreeLibraryAndExitThread
ExitThread
CreateThread
ExpandEnvironmentStringsW
OutputDebugStringW
GetCommandLineW
GetStdHandle
SetEnvironmentVariableW
CreateFileW
GetFileSize
IsDebuggerPresent
CloseHandle
GetLastError
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
GetSystemInfo
GetVersionExW
GetNativeSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
QueryInformationJobObject
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
ExitProcess
FindResourceW
EnumResourceNamesW
LocalFree
FormatMessageW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetConsoleScreenBufferInfo
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
WriteFile
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
HeapReAlloc
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
IsValidLocale
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
DeleteFileW
HeapSize
EnumResourceLanguagesExW
RtlUnwind
RaiseException
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
CompareStringEx
GetDriveTypeW
LCMapStringEx
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
FormatMessageA
GetStringTypeW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
TlsAlloc
advapi32
RegCloseKey
RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExW
ole32
CoCreateGuid
crypt32
CertOpenStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertCloseStore
wldap32
ord30
ord79
ord35
ord33
ord32
ord27
ord200
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord301
ord26
normaliz
IdnToAscii
imagehlp
ImageRemoveCertificate
ImageEnumerateCertificates
Sections
.text Size: 787KB - Virtual size: 787KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 158KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 552KB - Virtual size: 552KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ