1[.]exe | Triage

Resubmissions

17/08/2023, 09:12

230817-k6mwcsac5v 10

17/08/2023, 09:11

230817-k52ccsge85 3

17/08/2023, 08:51

230817-kr8vaage28 10

17/08/2023, 08:31

230817-ke5xvsgd57 10

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

2.2MB
MD5

a54aa565be7fa6efa2fd0c39afdf33db
SHA1

0a2197dc802b7fae849e72f9b910d803e20e967c
SHA256

beb75ce569941ddafa8251946e229c21bb8be5817d635444816815f4d609a3d8
SHA512

5def7ab16589367ce52792f7a45b41121f9d252449b2bd7ca3be9973a8ee368843671ed9aaddd1dc58d5d51de2aa56a4bfb47701c3acf892c36897b132cef8e6
SSDEEP

49152:lSMkMYjMx2okSAhRmUcDT4GGk5XzJJgxyAqwTk:lgMx+SIBugx6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.exe

Files

1.exe
.exe windows x64

3aef61550a41eff5c61943836137593b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

CreateStatusWindowW
ImageList_AddMasked
ImageList_LoadImageW
ImageList_Replace
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
ImageList_GetIconSize
CreateToolbarEx
ImageList_Destroy
ord17

kernel32

CopyFileW
LocalFileTimeToFileTime
CompareStringW
SetEvent
CreateEventW
ExitProcess
CreateThread
GetDriveTypeW
GetLogicalDrives
GetDiskFreeSpaceExW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetLocaleInfoW
GetNumberFormatW
LoadLibraryA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
SetEnvironmentVariableA
SetEndOfFile
HeapSize
WriteConsoleW
SetStdHandle
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetTimeFormatW
GetTimeZoneInformation
DeleteCriticalSection
GetFileType
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
FlushFileBuffers
GetModuleHandleExW
GetProcessHeap
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetACP
CreateDirectoryW
ExitThread
DecodePointer
EncodePointer
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetFileAttributesExW
SetEnvironmentVariableW
GetCurrentDirectoryW
HeapReAlloc
DeleteFileW
HeapAlloc
HeapFree
GetStringTypeW
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExA
RaiseException
FindFirstFileW
FindNextFileW
GetSystemDirectoryW
FreeLibrary
FreeResource
GetProcAddress
LoadResource
LockResource
SizeofResource
GlobalUnlock
GetProcessAffinityMask
ResumeThread
GetCurrentProcess
SetFileTime
GetFileTime
GetTickCount
MoveFileExW
FindResourceExW
GetProfileStringW
SetDllDirectoryW
CreateProcessW
GetPrivateProfileIntA
WritePrivateProfileStringA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
GetLastError
GetFileSize
GetModuleFileNameW
GetFileAttributesW
GetEnvironmentVariableW
SystemTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
CompareFileTime
GlobalSize
GlobalHandle
GetCurrentThreadId
GetDateFormatW
GlobalFree
VerifyVersionInfoW
GetTempPathW
FindFirstFileExW
VerSetConditionMask
GetWindowsDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCommandLineW
EnumResourceNamesW
LoadLibraryExW
CloseHandle
FindClose
WriteFile
SetFilePointer
ReadFile
CreateFileW
GlobalAlloc
GetPrivateProfileIntW
MulDiv
Sleep
SetFileAttributesW
SetCurrentDirectoryW
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceW
LoadLibraryW

user32

GetScrollRange
ShowScrollBar
SetScrollInfo
ModifyMenuW
InsertMenuW
EnableMenuItem
GetMenuStringW
CopyAcceleratorTableW
CreateAcceleratorTableW
MapVirtualKeyExW
GetKeyNameTextW
CharNextW
CharLowerBuffW
IsMenu
GetKeyboardLayout
WinHelpW
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
SetScrollPos
GetMenuItemRect
TrackPopupMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
CheckMenuItem
DestroyMenu
DrawMenuBar
GetMenuState
SetMenu
GetMenu
LoadMenuW
EnumDisplayMonitors
DestroyAcceleratorTable
LoadAcceleratorsW
IsIconic
GetWindowPlacement
CloseWindow
RegisterClassW
CallWindowProcW
PostQuitMessage
SendNotifyMessageW
UnregisterHotKey
RegisterHotKey
GetMessageW
RegisterWindowMessageW
IsClipboardFormatAvailable
GetClipboardData
GetScrollInfo
DrawIconEx
GetWindowThreadProcessId
IsRectEmpty
GetCursor
IsZoomed
AttachThreadInput
SystemParametersInfoW
ShowCursor
EndPaint
BeginPaint
KillTimer
BringWindowToTop
DefWindowProcW
GetMessagePos
DrawTextA
WindowFromPoint
GetCursorPos
SetCapture
IsDialogMessageW
GetMonitorInfoW
MonitorFromWindow
DeleteMenu
MonitorFromPoint
DrawFrameControl
MessageBoxA
ScrollWindow
SetCursorPos
ReleaseCapture
GetCapture
GetAsyncKeyState
FindWindowExW
SetScrollRange
GetSysColor
GetMenuItemInfoW
TranslateAcceleratorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
IsChild
GetClassNameW
EnumChildWindows
CopyRect
FrameRect
DrawFocusRect
ClientToScreen
MessageBoxW
GetClientRect
DrawTextW
IsWindowEnabled
GetKeyState
GetFocus
CheckRadioButton
SetWindowPos
ShowWindow
DrawEdge
FindWindowW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetIconInfo
DestroyIcon
FillRect
GetSystemMetrics
wsprintfW
GetParent
ScreenToClient
GetWindowTextW
SetWindowTextW
InvalidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
EnableWindow
GetActiveWindow
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItemInt
SetDlgItemInt
CreateDialogParamW
MoveWindow
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
SetCursor
IsWindowVisible
LoadIconW
MessageBeep
GetWindowRect
SetWindowTextA
ReleaseDC
GetDC
SetActiveWindow
DrawIcon
SetTimer
SetFocus
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamW
SendMessageW
LoadStringW
GetScrollPos
HiliteMenuItem

gdi32

PatBlt
CreateBitmap
CreateCompatibleDC
CreateICW
CreateSolidBrush
DeleteObject
GetDeviceCaps
SelectObject
SetBkMode
GetObjectW
GetPixel
GetStockObject
SetBkColor
SetTextColor
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextMetricsW
DeleteEnhMetaFile
BitBlt
CreateBrushIndirect
CreateCompatibleBitmap
CreateDCW
CreatePen
DeleteDC
Ellipse
GetDIBits
RealizePalette
SelectPalette
CreateDIBitmap
GetEnhMetaFileHeader
CreatePalette
StretchDIBits
SetStretchBltMode
GetSystemPaletteEntries
DeleteMetaFile
GetMetaFileBitsEx
GetMetaFileW
Rectangle
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileW
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
SetWinMetaFileBits
ResetDCW
SetDIBits
StretchBlt
StartDocW
EndDoc
StartPage
EndPage
LineTo
MoveToEx
GetTextExtentPoint32W
TextOutA
GetNearestPaletteIndex

advapi32

RegOpenKeyExA
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueW
IsTextUnicode
RegQueryValueExA
RegCloseKey

shell32

ExtractIconW
SHGetDataFromIDListW
SHGetDesktopFolder
ShellExecuteExW
SHGetFileInfoW
SHChangeNotify
SHGetSpecialFolderLocation
DragAcceptFiles
DragFinish
DragQueryFileW
SHCreateItemFromParsingName
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHFileOperationW
ShellExecuteW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

3aef61550a41eff5c61943836137593b

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 470KB - Virtual size: 469KB

.data Size: 12KB - Virtual size: 87KB

.pdata Size: 57KB - Virtual size: 57KB

.rsrc Size: 205KB - Virtual size: 204KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 470KB - Virtual size: 469KB

.data
Size: 12KB - Virtual size: 87KB

.pdata
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 205KB - Virtual size: 204KB

.reloc
Size: 3KB - Virtual size: 2KB