XTSubprocess[.]exe

Resubmissions

05/07/2023, 17:59

230705-wkxdfseh72 3

05/07/2023, 17:55

230705-whfypaeh25 3

Sharing

Copy URL

Twitter E-mail

General

Target

XTSubprocess.exe
Size

430KB
MD5

00c9584913c324e45ec1ef06f93a5696
SHA1

f68e39130de898c0a63c0890b769b95dc5ee3c57
SHA256

4e3d7aa535e960fd9465d65c7c6eea72487523136cf69179eaf7083da336ed8c
SHA512

09da6d95bbf60378af5116a7cadfcf1afda4feada8839b8d2a0f4fee6aba193bb1db10807d6c20ba949cbfbcadd2113d3f7dd790ec5a4f99851c90335d197035
SSDEEP

6144:cCyI0MNzWT+yiRWXQUwQVpMuO/eATSuT4EuEN7QAODWbw4W:c+rqT+FEQK7Mu7ATSgQowB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XTSubprocess.exe

Files

XTSubprocess.exe
.exe windows x86

5836638c1a2856a2920800de513b3807

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcef

cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_map_alloc
cef_string_map_free
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_append
cef_string_list_clear
cef_string_list_value
cef_string_list_size
cef_string_map_size
cef_api_hash
cef_execute_process
cef_post_task
cef_v8value_create_function
cef_v8value_create_string
cef_v8value_create_int
cef_v8value_create_bool
cef_string_list_free
cef_string_list_alloc
cef_v8context_get_current_context
cef_process_message_create
cef_string_userfree_utf16_free
cef_string_wide_to_utf8
cef_log
cef_string_utf16_to_utf8
cef_string_utf8_to_utf16
cef_string_utf16_cmp
cef_string_utf16_clear
cef_string_utf8_clear
cef_string_utf16_set

kernel32

WriteConsoleW
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CloseHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
HeapAlloc
HeapFree
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
SetLastError
GetLastError
CreateFileW
HeapSize

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5836638c1a2856a2920800de513b3807

Headers

DLL Characteristics

File Characteristics

Imports

libcef

kernel32

Sections

.text Size: 322KB - Virtual size: 322KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 322KB - Virtual size: 322KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB