Sample
x0mhack.exe
Resource
win10-20230703-en
General
Target
x0mhack.exe
Size
3.3MB
MD5
a5cb5605e1a194652484e2e47aeefeb6
SHA1
d196a8a69bb86f521ae260ed598a5fff0013453f
SHA256
b66a51f6027940ec2ad164af057914d855cd32d35b85a5242c26653f0cc73269
SHA512
e0df00e523635de76029241ac8b2095dd3f9abf0d6253fa7876ba73eff59f13347458b4c0733d5246bd0dd144a5f765b68a93ce47c7240f1e8e826fc0e568954
SSDEEP
49152:XuSJ7IAJ8a29T5w6NIEryrtIp8VKNZKPcszu73/ZbfRqXJRKDN:XuSmAJ8a29FwKIEryy3d
Malware Config
Signatures
Unsigned PE (1 IoC)
Detection rule that fires when the PE carries no Authenticode signature; the sample matched it.
resource x0mhack.exe
Files
x0mhack.exe.exe windows x86
72a6f3d11ba3a71623be4b152cffa461
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
UnmapViewOfFile
CreateFileMappingA
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
GetSystemDirectoryA
GetEnvironmentVariableW
lstrcmpiA
VirtualFree
OpenProcess
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
EnterCriticalSection
MapViewOfFile
HeapFree
HeapAlloc
ReadFile
GetFileSizeEx
GetLastError
QueryPerformanceCounter
CloseHandle
GetSystemTimeAsFileTime
Process32Next
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentProcessId
Process32First
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
VerifyVersionInfoW
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetACP
FormatMessageA
CreateFileA
user32
GetUserObjectInformationW
DispatchMessageA
TranslateMessage
GetProcessWindowStation
MessageBoxW
PostQuitMessage
UpdateWindow
GetWindowRect
GetDesktopWindow
GetWindowLongW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
UnregisterClassA
GetClientRect
SetWindowLongW
SetCursor
SetCapture
BringWindowToTop
SetFocus
AdjustWindowRectEx
GetKeyState
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
PeekMessageA
gdi32
GetDeviceCaps
advapi32
CryptEnumProvidersW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyA
CryptSignHashW
msvcp140
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
_Mtx_lock
??0_Lockit@std@@QAE@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_unlock
??1_Lockit@std@@QAE@XZ
_Thrd_join
_Xtime_get_ticks
_Thrd_detach
_Query_perf_counter
_Thrd_id
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exceptions@std@@YAHXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mtx_init_in_situ
msvcp140_atomic_wait
__std_atomic_notify_all_direct
__std_atomic_wait_direct
d3d9
Direct3DCreate9
ws2_32
inet_ntoa
inet_addr
htons
WSACleanup
gethostbyname
getservbyport
ntohs
htonl
getservbyname
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
recv
WSASetLastError
connect
socket
send
getaddrinfo
shutdown
select
closesocket
WSAStartup
getsockopt
gethostbyaddr
crypt32
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
bcrypt
BCryptGenRandom
vcruntime140
_CxxThrowException
__current_exception_context
__current_exception
strchr
wcsstr
_setjmp3
memchr
memset
_except_handler4_common
memcpy
longjmp
strrchr
strstr
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove
api-ms-win-crt-heap-l1-1-0
calloc
free
realloc
_callnewh
malloc
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
raise
strerror_s
_crt_atexit
_exit
_initialize_onexit_table
_errno
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
terminate
_beginthreadex
abort
_controlfp_s
_initterm
_wassert
_initterm_e
_register_thread_local_exe_atexit_callback
exit
_initialize_narrow_environment
_configure_narrow_argv
signal
_c_exit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0
ftell
__stdio_common_vsscanf
fputs
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__acrt_iob_func
fflush
fseek
_set_fmode
__stdio_common_vsprintf_s
fwrite
_wfopen
__stdio_common_vswprintf
__stdio_common_vsprintf
fread
__p__commode
fopen
_setmode
setvbuf
_fileno
fgets
ferror
feof
fclose
api-ms-win-crt-string-l1-1-0
isalnum
strcmp
strspn
strncmp
strncpy
isdigit
tolower
strcspn
isspace
strcpy_s
strncpy_s
strcat_s
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-convert-l1-1-0
strtod
strtoll
strtoul
atoi
strtoull
strtol
api-ms-win-crt-math-l1-1-0
_dclass
_dsign
_fdclass
_ldclass
ceil
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_CIfmod
_libm_sse2_sin_precise
__setusermatherr
_libm_sse2_pow_precise
_libm_sse2_sqrt_precise
floor
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-filesystem-l1-1-0
_stat64i32
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 811KB - Virtual size: 811KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ