mip[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

mip.exe
Size

1.5MB
MD5

5204b7d25e1845caf5e01d0ba12276d7
SHA1

9b34cb3b847e8657e4c7b7cc98460151ed7aa0d6
SHA256

81a1cd069bf44c939e10ce4a67a2fd1d17f7ddb17045428bac02d299c13bbf05
SHA512

e4f500e200f624ecaece3bc0f1a98d0613cb9fba805547ae820186ddae2a3d7b9ab1cdb73a9c8695dccb769eee3d0681813435c6ff678579928c9937bb2a17d3
SSDEEP

24576:kYQSBnw9XDFFj4MmEE0k/KaLSGVzjNMk+D2SQotm/SXtk4QBb3Asa20y:tw1DFFj4NmDlH8/stZm3Af2d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mip.exe

Files

mip.exe
.exe windows x64

cb19d267ff6653a4de1de79c06a65f98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

kernel32

GetTickCount
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
FormatMessageW
GlobalAlloc
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
InitOnceComplete
InitializeCriticalSection
LeaveCriticalSection
InitOnceBeginInitialize
GetCommandLineW
HeapSetInformation
CreateEventW
OpenEventW
LockResource
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
LoadLibraryExW
FreeLibrary
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetEvent
SetLastError
OutputDebugStringW
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
GetACP
GetSystemDefaultLCID
GetVersionExA
GetProfileIntA
GetUserDefaultLCID
GetSystemDefaultLangID
DisableThreadLibraryCalls
ResetEvent
WaitForMultipleObjects
TryEnterCriticalSection
ResumeThread
SetThreadPriority
CreateThread
GetLocaleInfoW
GetUserDefaultUILanguage
FreeResource
FindResourceW
LoadLibraryW
LocalFree
LocalAlloc
GetProcessMitigationPolicy
OutputDebugStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStartupInfoW
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
WideCharToMultiByte
GetStringTypeExW
HeapDestroy
HeapReAlloc
HeapSize
HeapAlloc
GetCurrentThreadId

gdi32

BitBlt
CreateDIBSection
GetRegionData
CreateSolidBrush
ExtSelectClipRgn
SetDIBColorTable
GetObjectW
SetStretchBltMode
OffsetRgn
ExtCreateRegion
GetDIBColorTable
StretchBlt
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPointW
GetTextColor
SetBkMode
CreateCompatibleBitmap
CreateBitmap
GetBitmapBits
GetStockObject
Ellipse
CreateCompatibleDC
SetROP2
CreateFontW
Polyline
SetLayout
SetWindowExtEx
StretchDIBits
GetTextFaceW
GetCharABCWidthsW
GetCharWidthA
GetCharWidth32A
GetCharWidthW
GetOutlineTextMetricsA
ExtTextOutA
Escape
SetTextAlign
SetBkColor
GetObjectType
CreatePalette
SelectPalette
RealizePalette
EnumFontFamiliesExW
SetDCBrushColor
RestoreDC
DeleteDC
GetDeviceCaps
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
CombineRgn
CreateRectRgnIndirect
DeleteObject
SelectClipRgn
PatBlt
PtInRegion
CreateRectRgn
CreatePen
SelectObject
MoveToEx
LineTo
SetTextColor
CreateRoundRectRgn
CreateICW
ExtTextOutW
ScriptTextOut
ScriptGetLogicalWidths
ScriptItemize
ScriptPlace
ScriptShape
ScriptFreeCache
ScriptGetCMap
ScriptGetProperties
GetGlyphIndicesW
GetCurrentObject
GetBkColor
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontData
TranslateCharsetInfo
GetPixel
GetTextCharsetInfo
GetTextMetricsA
GetObjectA
CreateFontIndirectA

user32

GetThreadDesktop
SetProcessDPIAware
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
GetUserObjectInformationW
CharNextW
PostThreadMessageW
CharUpperW
GetKeyboardLayout
GetKeyboardLayoutList
UnregisterClassW
SendMessageA
IsWindowUnicode
LoadCursorA
LoadBitmapA
LoadBitmapW
GetDoubleClickTime
SetCaretBlinkTime
InvertRect
DestroyCaret
MenuItemFromPoint
SetWindowLongW
WindowFromDC
GetSystemMetrics
DeleteMenu
MonitorFromRect
SetMenuItemInfoW
DestroyIcon
GetMessageTime
SetFocus
DestroyCursor
RegisterClassW
GetClassInfoW
CreateCursor
GetDesktopWindow
GetWindowDC
DrawTextW
SystemParametersInfoW
GetParent
DrawFrameControl
InflateRect
GetMessagePos
NotifyWinEvent
SendMessageW
GetPropW
TrackMouseEvent
SetPropW
RemovePropW
ScreenToClient
FrameRect
GetSysColorBrush
FillRect
SetWindowRgn
ValidateRect
GetUpdateRect
GetWindowLongW
EndDeferWindowPos
GetWindowRect
DeferWindowPos
BeginDeferWindowPos
ReleaseCapture
GetSysColor
EqualRect
DrawIconEx
IntersectRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindow
DestroyWindow
GetKeyState
PtInRect
UnionRect
IsChild
GetFocus
BeginPaint
GetClientRect
GetDC
ReleaseDC
EndPaint
GetClipboardFormatNameW
CallNextHookEx
GetWindowThreadProcessId
WindowFromPoint
AdjustWindowRectEx
OffsetRect
DestroyMenu
PostQuitMessage
SetMenuDefaultItem
AppendMenuW
GetCursorPos
CreatePopupMenu
KillTimer
SetTimer
LoadIconW
SendInput
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
ClientToScreen
InvalidateRect
RegisterWindowMessageW
SetRectEmpty
UnhookWindowsHookEx
UnhookWinEvent
TrackPopupMenuEx
SetWinEventHook
SetWindowsHookExW
EndMenu
LoadCursorW
SetCursor
IsRectEmpty
CopyRect
CallWindowProcW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
UnregisterClassA
ShowWindow
EnumDisplayMonitors
GetMonitorInfoW
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
PostMessageW
SetCapture

msvcrt

ceilf
floorf
memcmp
memcpy
_ltow
_ltow_s
_wcsnicmp
_wcslwr_s
ceil
iswdigit
_wtol
_wcsicmp
_wtoi
wcscmp
memmove
memset
sqrtf
realloc
_errno
wcstol
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
vswprintf_s
_vscwprintf
wcsncmp
calloc
swprintf_s
_resetstkoflw
_purecall
wcscat_s
wcscpy_s
memmove_s
wcsncpy_s
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
free
malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException

ntdll

EtwEventWriteTransfer
RtlCaptureContext
EtwEventSetInformation
EtwEventUnregister
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwEventRegister

ole32

RegisterDragDrop
CoCreateInstance
StringFromGUID2
CoInitialize
OleRegGetMiscStatus
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
CoTaskMemAlloc
RevokeDragDrop
CreateOleAdviseHolder
OleRegGetUserType
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CoUninitialize
CoCreateFreeThreadedMarshaler
OleRegEnumVerbs

oleaut32

VariantClear
VariantInit
DispCallFunc
VarBstrCat
SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayCreateVector
SysStringLen
LoadRegTypeLi
VarUI4FromStr
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
SysFreeString

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipSetSolidFillColor
GdipCreatePen1
GdipSetClipRectI
GdipCreateLineBrushI
GdipCreatePen2
GdipSetPenColor
GdipDrawLineI
GdipDeletePen
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipSetPenDashStyle
GdipSetPenDashArray
GdipDrawRectangleI
GdipGetDC
GdipReleaseDC
GdipFillEllipseI
GdipDrawEllipseI
GdiplusStartup
GdiplusShutdown
GdipDrawImageI
GdipCloneBrush
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreateFromHWND

shell32

Shell_NotifyIconW
ShellAboutW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ord8

uxtheme

GetThemePartSize
GetThemeMargins
DrawThemeText
DrawThemeIcon
DrawThemeEdge
GetThemeBackgroundRegion
IsThemeActive
OpenThemeData
DrawThemeTextEx
CloseThemeData
DrawThemeBackground
GetThemeColor

msimg32

AlphaBlend
GradientFill
TransparentBlt

dwmapi

DwmEnableBlurBehindWindow

Exports

Exports

?REExtendedRegisterClass@@YAHXZ

Sections

.text
Size: 930KB - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb19d267ff6653a4de1de79c06a65f98

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

ole32

oleaut32

oleacc

gdiplus

shell32

version

comctl32

uxtheme

msimg32

dwmapi

Exports

Exports

Sections

.text Size: 930KB - Virtual size: 929KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 32KB - Virtual size: 36KB

.pdata Size: 28KB - Virtual size: 27KB

.rsrc Size: 383KB - Virtual size: 383KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 930KB - Virtual size: 929KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 32KB - Virtual size: 36KB

.pdata
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 383KB - Virtual size: 383KB

.reloc
Size: 5KB - Virtual size: 5KB