al-khaser_x86[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

al-khaser_x86.exe
Size

362KB
MD5

b09c5f2601caaf331013db554c63ce37
SHA1

cecc56757af3f7a8e488b396d065ff3acb515610
SHA256

2194d9fbdc9bbac23a35a309d7d260308e273a87b04a9d863f5e601e8d0c92af
SHA512

37f99633697f33808ca88928829d8119d8392c02b05e805be4daef545083c4e9c41b5c0755579babff7b3db6a939d17851c7f26edcf2f47cbe2d09b1679d6b2f
SSDEEP

6144:gSVFegGEpwqFdPNwABeSbx8JSPNX2NNNytjHaUH:gSVFeEwqFdPN6ImNmHHH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
al-khaser_x86.exe

Files

al-khaser_x86.exe
.exe windows x86

edaaf856ae378e74cedbedd473275784

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
OutputDebugStringW
GetLastError
GetModuleHandleExW
VirtualQuery
OpenProcess
K32GetModuleFileNameExW
GetWindowsDirectoryW
QueryInformationJobObject
GetCurrentProcessId
K32GetProcessImageFileNameW
QueryDosDeviceW
GetSystemDirectoryW
GetEnvironmentVariableW
GetModuleFileNameW
K32GetMappedFileNameW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
CreateMutexW
SetHandleInformation
CreateEventW
SetEvent
CreateThread
SwitchToThread
WaitForSingleObject
SetUnhandledExceptionFilter
RaiseException
GetWriteWatch
GlobalGetAtomNameW
GetBinaryTypeW
HeapQueryInformation
ReadProcessMemory
ResetWriteWatch
GetModuleHandleW
GetComputerNameW
GetComputerNameExW
GetSystemWindowsDirectoryW
CreateFileW
LocalAlloc
DeviceIoControl
LocalFree
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
ExpandEnvironmentStringsW
HeapAlloc
ReadFile
HeapFree
LoadLibraryA
GetStdHandle
Sleep
SetConsoleTextAttribute
SetConsoleTitleW
GetConsoleWindow
FormatMessageW
lstrlenW
LocalSize
MultiByteToWideChar
GetFileAttributesW
Process32FirstW
Process32NextW
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueEx
WriteConsoleW
SetEndOfFile
HeapSize
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
GetOEMCP
GetACP
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
K32GetModuleInformation
VirtualProtect
GetSystemInfo
GetProcessHeap
IsDebuggerPresent
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
VirtualFree
GetCurrentThread
GetThreadContext
IsValidCodePage
GetStringTypeW
GetCPInfo
HeapReAlloc
GetFileType
LCMapStringW
CompareStringW
GetCommandLineW
DecodePointer
GetCommandLineA
WriteFile
SetEnvironmentVariableW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VirtualAlloc
CloseHandle
GetCurrentProcess
GetConsoleScreenBufferInfo
CheckRemoteDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlUnwind
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
AreFileApisANSI
WideCharToMultiByte
GetSystemTimeAsFileTime

user32

FindWindowW
wsprintfW
GetWindowThreadProcessId
GetShellWindow
MoveWindow
GetSystemMetrics
GetMessageW
KillTimer
DispatchMessageW
TranslateMessage
SetTimer

advapi32

EnumServicesStatusExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
GetTokenInformation
OpenProcessToken
GetUserNameW
CloseServiceHandle
OpenSCManagerW
RegEnumKeyExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetLBound
VariantClear
SafeArrayGetElement
SafeArrayUnaccessData
SysFreeString
SafeArrayGetUBound
SafeArrayAccessData
SysAllocString

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathCombineW
PathGetDriveNumberW
StrCmpIW
StrChrW
StrCmpW
wnsprintfW
ord156
StrStrIW
StrStrW
StrCmpNIW

mpr

WNetGetProviderNameW

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
GetAdaptersInfo

winmm

timeGetDevCaps
timeEndPeriod
timeKillEvent
timeSetEvent

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

powrprof

GetPwrCapabilities

slwga

SLIsGenuineLocal

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edaaf856ae378e74cedbedd473275784

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

mpr

iphlpapi

winmm

setupapi

powrprof

slwga

Sections

.text Size: 179KB - Virtual size: 178KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 100KB - Virtual size: 103KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 179KB - Virtual size: 178KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 100KB - Virtual size: 103KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 10KB - Virtual size: 9KB