build[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

build.exe
Size

414KB
MD5

bd06b62ea4fff09796fb732d7acf43e4
SHA1

2142df9d749c1a2edfb8c1b44312bea3832cc67a
SHA256

eca20cc3b0e127c5c59470de5454b37c8b1842463e3f2b3245580ae4a853d674
SHA512

fd26138e42a703896a4e7bba4027aaae509af5f88806e1fe92e1056f10753c30ad2526d43db5eb8820b0aede40aa9d837f295c0cf5234b210e59a67aa929ed74
SSDEEP

12288:Fr4yGQgl94bv2an9Oo9FHqKAf6nAtK2iGf26iAQs/JgL:Fr4dQgC9ZAf6nfDGfuAQsCL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/Users/Admin/AppData/Roaming/build.exe

Files

build.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume3/Users/Admin/AppData/Roaming/build.exe
.exe windows x86

Password: S@ndb0x!2023@@

0325acaeb0a0b10afcc4cd81bf4f0184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateActCtxA
HeapUnlock
GetModuleHandleA
InterlockedExchangeAdd
ReadConsoleInputA
SetTapeParameters
GetTapeStatus
CreateMutexW
GetTickCount
CreateFileA
GetPrivateProfileSectionW
PulseEvent
LocalLock
WriteProcessMemory
SetEvent
FreeConsole
SetConsoleTitleW
LoadLibraryA
VirtualAlloc
CommConfigDialogA
GetFileAttributesA
HeapLock
HeapCompact
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameA
WaitForSingleObject
lstrlenA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapReAlloc
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 444KB - Virtual size: 66.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cuneler
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tafuja
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

0325acaeb0a0b10afcc4cd81bf4f0184

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 444KB - Virtual size: 66.9MB

.cuneler Size: 512B - Virtual size: 23B

.tafuja Size: 512B - Virtual size: 6B

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 444KB - Virtual size: 66.9MB

.cuneler
Size: 512B - Virtual size: 23B

.tafuja
Size: 512B - Virtual size: 6B

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 41KB - Virtual size: 40KB