A7[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

A7.exe
Size

17.0MB
MD5

e90a4289425a315886a0cadbefc4bd61
SHA1

89489bad4642d9b48d62aa2ee1485026e7cead2c
SHA256

f4761fc501bdea9d53ba68d08532c925c24e6bcc2274b2bcfb4cbfcd0f574e89
SHA512

1c027a844dfed62dd990aa23422fc4af5264f953774daa433f7774e4c966b45a1c1952666b6d396991fab7513fa04adbf9e9c6956061ef7818aec7ede4dcacce
SSDEEP

393216:nV7SVKu8M3IQqjCuLH4F60gOy4nRxK7p/s9vJrlfJlLKGBkfg8cm:5SVNkQqjCngOy4nXK7OTZBlLKGBwR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
A7.exe

Files

A7.exe
.exe windows x86

21a1b2ac183e2bf242cd97e1d0303d44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
GetTokenInformation
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
ConvertSidToStringSidA
CryptGetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptHashData

wsock32

closesocket
WSAGetLastError
select
ntohl
WSASetLastError
getsockopt
htonl
inet_ntoa
setsockopt
htons
WSACleanup
shutdown
WSAStartup
send
socket
connect
recv

ws2_32

WSASocketW
WSAStringToAddressW
__WSAFDIsSet
WSAIoctl
getpeername
WSARecv
bind
accept
getnameinfo
freeaddrinfo
getaddrinfo
listen
getsockname
WSASend
ntohs

kernel32

GetCommandLineW
GetCommandLineA
GetModuleFileNameW
FileTimeToSystemTime
Process32First
WriteProcessMemory
GetCurrentProcess
Module32Next
GetProcessId
LocalAlloc
Module32First
GetModuleHandleA
CreateToolhelp32Snapshot
LoadLibraryA
Process32Next
CloseHandle
K32GetModuleBaseNameA
GetProcAddress
VirtualAllocEx
ReadProcessMemory
GetCurrentProcessId
VirtualFreeEx
GetLastError
GetCurrentThread
QueryPerformanceFrequency
GetThreadTimes
QueryPerformanceCounter
SetLastError
SizeofResource
SetWaitableTimer
TlsSetValue
HeapFree
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
InitializeCriticalSectionEx
FindResourceA
WaitForSingleObject
HeapSize
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
Sleep
SetEvent
TerminateThread
TlsAlloc
LockResource
HeapReAlloc
SetStdHandle
HeapAlloc
QueueUserAPC
K32EnumProcesses
DecodePointer
GetConsoleOutputCP
LocalFree
DeleteCriticalSection
GetProcessHeap
SleepEx
CreateRemoteThread
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
GetCurrentThreadId
FormatMessageW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FreeLibrary
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileA
GetFileSizeEx
ReadFile
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
ExitProcess
VirtualQuery
VirtualProtect
VirtualAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FlushFileBuffers
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessW
HeapDestroy
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SetEndOfFile
GetSystemTime
SystemTimeToFileTime
GetFileAttributesExW
LoadResource
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
RaiseException
GetLocaleInfoEx
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
GetSystemInfo
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

user32

MessageBoxW
FindWindowA
GetProcessWindowStation
GetUserObjectInformationW

bcrypt

BCryptGenRandom

userenv

UnloadUserProfile

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

Sections

.text
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 775KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.5e"
Size: - Virtual size: 34.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.(w;
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.u:q
Size: 17.0MB - Virtual size: 17.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21a1b2ac183e2bf242cd97e1d0303d44

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wsock32

ws2_32

kernel32

user32

bcrypt

userenv

rpcrt4

crypt32

Sections

.text Size: - Virtual size: 2.7MB

.rdata Size: - Virtual size: 775KB

.data Size: - Virtual size: 69KB

.5e" Size: - Virtual size: 34.5MB

.(w; Size: 2KB - Virtual size: 1KB

.u:q Size: 17.0MB - Virtual size: 17.0MB

.reloc Size: 1024B - Virtual size: 560B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 2.7MB

.rdata
Size: - Virtual size: 775KB

.data
Size: - Virtual size: 69KB

.5e"
Size: - Virtual size: 34.5MB

.(w;
Size: 2KB - Virtual size: 1KB

.u:q
Size: 17.0MB - Virtual size: 17.0MB

.reloc
Size: 1024B - Virtual size: 560B

.rsrc
Size: 512B - Virtual size: 469B