stage2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

stage2.exe
Size

1.3MB
MD5

004f2ab24be202dce4361658a594116a
SHA1

dbd75133228e3dedc6640ec88e8dace5b3ac75a9
SHA256

4f1d801303e414b824ec750f58bb3c5065f3ab1af5e70f45fcbd43a8ea8fa2e0
SHA512

e2093d7b8a14c9f797adcd4b7d28c83d8442b8652044227ba39ab741cff535f884e73dbadac9380d210c0e649d87506950f3fdd05d2a823f9b6568b0390a7e8d
SSDEEP

24576:Dtva+aFpGbru4ToDcx5maxwsYvDnKp2h7y:hP64ToemSu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
stage2.exe

Files

stage2.exe
.exe windows x64

19d72d08cbdb6c7e25582e12e86394a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
NtAllocateVirtualMemory
RtlVirtualUnwind
RtlCaptureContext
NtWaitForSingleObject
NtCreateThreadEx
NtProtectVirtualMemory
NtWriteVirtualMemory
NtReadVirtualMemory

kernel32

InitializeSListHead
GetCurrentThreadId
UnhandledExceptionFilter
IsDebuggerPresent
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
WriteProcessMemory
GetConsoleWindow
CreateProcessA
CreateFileW
CreateFileMappingW
CloseHandle
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSRWLockShared
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
AcquireSRWLockExclusive
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TryAcquireSRWLockExclusive
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
GetModuleHandleA
CopyFileExW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
IsProcessorFeaturePresent
WriteConsoleW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime

psapi

EnumProcessModulesEx
GetModuleBaseNameW

user32

SetWindowPos
ShowWindow

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memmove
memcmp
memset
memcpy
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_set_app_type
_seh_filter_exe
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_get_initial_narrow_environment
_crt_atexit
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19d72d08cbdb6c7e25582e12e86394a2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

psapi

user32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 512B - Virtual size: 824B

.pdata Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 512B - Virtual size: 824B

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB