elevator[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

elevator.exe
Size

315KB
MD5

5f6c86ec159f2b0d99f88bc3c3c6a641
SHA1

124f5dd109c6cf03e07e2d2dc908fc43817e7b17
SHA256

4348d0d550e739807bfdd89524fbeb7f4300193f4cb9aa5a62dc219640be59a2
SHA512

594fa3ef1c0a0bca5dce62687c91e79470e4d897ce6e8f2729f1ff07e71e581452c6c4a8cb9c6dd6467baad651073448fde97d0cfd0ad86f826ba79c5ba9d076
SSDEEP

3072:9+bwPB64+8ZFjwMVuG74CHy/8c77uv6tvkNN0P3ohdeaEK8aTVcZIaKW:9+bwp64JjtVuG7Hy/7uv6tvNPVs+K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
elevator.exe

Files

elevator.exe
.exe windows x64

7cd0bbb42d4b316f99f5cabd76b4bcaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
CloseHandle
GetCurrentThread
TerminateProcess
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RtlCaptureContext
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlLookupFunctionEntry
GetLastError
FormatMessageW
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
WaitForSingleObject
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetThreadContext
GetCommandLineW
GetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
TryAcquireSRWLockExclusive
HeapReAlloc
AcquireSRWLockShared
GetModuleHandleW
GetModuleFileNameW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleMode
WriteConsoleW
GetThreadContext
GetSystemInfo
GetProcAddress
GetModuleHandleA
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId

advapi32

RegQueryValueExW
RegOpenKeyExW
SystemFunction036

psapi

EnumProcessModulesEx
GetModuleBaseNameW

user32

GetSystemMetrics

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_set_app_type
__p___argc
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
__p___argv
_initterm
_c_exit
_cexit
abort
_initterm_e
_exit
exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
free

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cd0bbb42d4b316f99f5cabd76b4bcaa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

psapi

user32

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 11KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 11KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 2KB - Virtual size: 1KB