airshipper[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

airshipper.exe
Size

26.6MB
MD5

226383401c4f9cac848db38f1ec642d1
SHA1

c54efcb0a24535474e012a23f87408830bb92753
SHA256

b58390cd578aea9e31aa623ad77dbff03bde203044b5fa0ecf9b21a06d077809
SHA512

cf6c53a4c86401e4d444befed69310928bb0d2017003f1a3e947538f2d3bd6f09463b1a66002eae3bddeeb814bf43099ed84210a86efab2d38b8d0275d5f4f1d
SSDEEP

196608:/9Uj8eDxMyWjyhQIDUXtQh3HkI4kSvfr+Xjn6PdZYPA0:/oDGyae4tQhXkI+nrKaR0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
airshipper.exe

Files

airshipper.exe
.exe windows x64

2a4192396efe000a58faa6a11b5e9180

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlsSetValue
FlsGetValue
FlsAlloc
WakeAllConditionVariable
RemoveVectoredExceptionHandler
FreeLibrary
SwitchToThread
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FlsFree
GetCurrentProcessId
GetConsoleWindow
FindNextFileW
FindFirstFileExW
FindClose
GetCommandLineA
GetModuleHandleExW
WriteFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetFilePointerEx
GetConsoleCursorInfo
SetConsoleCursorInfo
WriteConsoleW
TerminateProcess
LeaveCriticalSection
WaitForSingleObject
AcquireSRWLockShared
ReleaseSRWLockShared
Sleep
GetModuleHandleW
lstrlenW
RaiseException
GetCommandLineW
EncodePointer
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
RegisterWaitForSingleObject
GetExitCodeProcess
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetCurrentThreadId
FlushFileBuffers
LCMapStringW
RtlPcToFileHeader
GetConsoleOutputCP
CompareStringOrdinal
GetStdHandle
GetConsoleMode
SetConsoleMode
RtlVirtualUnwind
GlobalAlloc
MultiByteToWideChar
SetConsoleTextAttribute
GetFileInformationByHandleEx
GlobalFree
HeapSize
GlobalLock
GlobalSize
WideCharToMultiByte
GlobalUnlock
GetProcAddress
SetThreadErrorMode
LoadLibraryExW
CreateEventA
UnregisterWaitEx
SleepConditionVariableSRW
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
SetFileInformationByHandle
DeleteFileW
CreateIoCompletionPort
SetFileCompletionNotificationModes
RtlCaptureContext
TryAcquireSRWLockExclusive
SetLastError
GetFinalPathNameByHandleW
GetModuleHandleA
GetSystemInfo
WakeConditionVariable
QueryPerformanceCounter
GetCurrentDirectoryW
HeapAlloc
GetProcessHeap
QueryPerformanceFrequency
ExitProcess
WriteFileEx
SleepEx
ReadFileEx
HeapReAlloc
GetLastError
SetThreadStackGuarantee
AddVectoredExceptionHandler
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentThread
CreateThread
CloseHandle
EnterCriticalSection
CreateNamedPipeW
DuplicateHandle
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFileAttributesW
HeapFree
GetSystemTimeAsFileTime
WaitForMultipleObjects
GetNumberOfConsoleInputEvents
ResetEvent
ReadConsoleInputW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
SetHandleInformation
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
DeviceIoControl
GetFullPathNameW
CreateDirectoryW

bcrypt

BCryptGenRandom

user32

GetMessageW
GetClipboardData
CreateWindowExW
RegisterRawInputDevices
DestroyWindow
EmptyClipboard
SetClipboardData
SendMessageW
SetWindowLongW
GetActiveWindow
ShowCursor
GetClipCursor
ClipCursor
GetMenu
AdjustWindowRectEx
GetWindowThreadProcessId
SystemParametersInfoA
GetUpdateRect
RegisterClassExW
MapVirtualKeyA
ShowWindow
MonitorFromPoint
DestroyIcon
GetKeyboardLayout
ToUnicodeEx
GetKeyState
GetKeyboardState
InvalidateRgn
SetWindowPos
SetWindowTextW
GetMonitorInfoW
GetSystemMetrics
RegisterTouchWindow
MsgWaitForMultipleObjectsEx
RedrawWindow
PostMessageW
GetCursorPos
TranslateMessage
SetWindowLongPtrW
DispatchMessageW
OpenClipboard
RegisterWindowMessageA
ClientToScreen
GetClientRect
GetDC
CloseClipboard
GetWindowLongW
PostThreadMessageW
ScreenToClient
GetTouchInputInfo
ReleaseCapture
SetCapture
TrackMouseEvent
MonitorFromRect
GetWindowLongPtrW
CreateIcon
DefWindowProcW
CloseTouchInputHandle
GetRawInputData
SetCursor
LoadCursorW
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
IsProcessDPIAware
MonitorFromWindow
SetForegroundWindow
SendInput
MapVirtualKeyW
ValidateRect
PeekMessageW

crypt32

CertAddCertificateContextToStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertVerifyCertificateChainPolicy

ws2_32

WSASocketW
WSAStartup
WSACleanup
closesocket
freeaddrinfo
getaddrinfo
getsockopt
connect
recv
bind
setsockopt
ioctlsocket
shutdown
sendto
WSAGetLastError
getpeername
getsockname
WSAIoctl
WSASend
send
recvfrom

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

RevokeDragDrop
OleInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
RegisterDragDrop
CoUninitialize

shell32

DragFinish
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteW

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod

ntdll

NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx

secur32

ApplyControlToken
QueryContextAttributesW
InitializeSecurityContextW
FreeContextBuffer
AcceptSecurityContext
EncryptMessage
DeleteSecurityContext
FreeCredentialsHandle
DecryptMessage
AcquireCredentialsHandleA

advapi32

SystemFunction036
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

d3dcompiler_47

D3DCompile

uxtheme

SetWindowTheme

Sections

.text
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17.5MB - Virtual size: 17.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a4192396efe000a58faa6a11b5e9180

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

bcrypt

user32

crypt32

ws2_32

gdi32

dwmapi

ole32

shell32

winmm

ntdll

secur32

advapi32

d3dcompiler_47

uxtheme

Sections

.text Size: 8.9MB - Virtual size: 8.9MB

.rdata Size: 17.5MB - Virtual size: 17.5MB

.data Size: 18KB - Virtual size: 26KB

.pdata Size: 119KB - Virtual size: 118KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 92KB - Virtual size: 92KB

.text
Size: 8.9MB - Virtual size: 8.9MB

.rdata
Size: 17.5MB - Virtual size: 17.5MB

.data
Size: 18KB - Virtual size: 26KB

.pdata
Size: 119KB - Virtual size: 118KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 92KB - Virtual size: 92KB