MultiPotato[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MultiPotato.exe
Size

147KB
MD5

2a5dea822cc8b971adbabc51e41a8188
SHA1

030d69bee21d09394a211e84f5548aab54fd1f0c
SHA256

60be26ed1fbce1f7e616cf219fb6f2eca3962d7d9a329d03dc7dcbe3479d1405
SHA512

f7ae0a75c6873628e6b51666724d7415742a77a0a8abfc4efebe7748616c7f2492d154104611f2c51aee2229a1fc5a679e9e3602e21a343f29362610feeec8a9
SSDEEP

3072:NnVBWigC7wzWC5qBI2vP96S8zWjPCrVSOKKgGk:9Xvgdz9uISY1zeAKZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MultiPotato.exe

Files

MultiPotato.exe
.exe windows x64

4c22840c8a2eaf0ce4b2a738bce045fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlushFileBuffers
GetStringTypeW
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW
GetProcAddress
GetCurrentProcess
ConnectNamedPipe
lstrcmpW
CreateThread
GetCurrentThread
CreateNamedPipeW
ReadFile
GetProcessHeap
HeapAlloc
GetLastError
HeapFree
CloseHandle
WaitForSingleObject
GetEnvironmentVariableW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW

user32

GetUserObjectSecurity
SetUserObjectSecurity
wsprintfW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
SetProcessWindowStation
OpenWindowStationW
CloseDesktop
CloseWindowStation

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ImpersonateNamedPipeClient
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetUserNameW
DuplicateTokenEx
OpenThreadToken
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AllocateAndInitializeSid
CopySid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
CreateProcessWithTokenW

ws2_32

htons
htonl
WSAStartup
WSASocketW
closesocket
bind
accept
WSACleanup
listen

netapi32

NetUserAdd
NetLocalGroupAddMembers

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c22840c8a2eaf0ce4b2a738bce045fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

netapi32

ntdll

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB