main[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

main.exe
Size

4.8MB
MD5

a21693fb16885a0a99cfcb0af60adb7b
SHA1

3fbc0e9936034a8b7af8f01a352ec036dd5f8f09
SHA256

db11c327f8530959a854328d2df8d6cde6c7b979efc3d9794da8a285b6e8b608
SHA512

874a67588977462e564409da8f53fc298a56797a28494311426f0c4c3a94466a7cb26e933fd3c1b12245fb3ee0e09b3f123c145ef3c7aaf6e19f74842974499f
SSDEEP

98304:LOPdii5R+FEzANAzZjQE3znpbxbQ+GQr4l2mPBiP6w:C55GETV3zpbxbWjBVw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Program Files (x86)/MachinerData/main.exe

Files

main.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Program Files (x86)/MachinerData/main.exe
.exe windows x86

Password: S@ndb0x!2023@@

c2ee2df9c0892ed73e8ae4b89a9ea294

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_exit
_except_handler3
__getmainargs
_acmdln
exit
_initterm

kernel32

QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
ExitProcess
SetConsoleCtrlHandler
HeapDestroy
lstrcatW
FindClose
CreateDirectoryW
GetCurrentProcess
FindResourceExW
CreateMutexW
LocalFree
LockResource
GetTickCount
GlobalAlloc
VirtualQuery
PeekNamedPipe
FreeLibrary
TerminateProcess
InitializeCriticalSection
HeapFree
GetProcessHeap
HeapSize
HeapReAlloc
GetLocaleInfoW
GetFileAttributesW
SetLastError
CreateThread
GetFileType
GetStringTypeW
SetCurrentDirectoryA
SetEvent
GetShortPathNameW
SetCurrentDirectoryW
InterlockedDecrement
InterlockedCompareExchange
ReleaseMutex
DeleteFileA
GetLastError
CancelIo
AddAtomA
AddAtomW
BackupWrite
GetModuleHandleW
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
GetVersion
LoadLibraryA
GetDiskFreeSpaceExW

user32

RemovePropW
DrawEdge
SetScrollInfo
CloseClipboard
CheckDlgButton
CheckRadioButton
CopyImage
SetPropW
CallNextHookEx
CallWindowProcW
GetSystemMetrics
GetScrollPos
SetScrollPos
ScrollWindow
EndPaint
TrackPopupMenu
GetUpdateRect
DrawMenuBar
DestroyWindow
MessageBoxW
SetFocus
SetWindowPlacement
SetWindowPos
GetClassInfoExW
DefWindowProcW
GetMessageTime
ValidateRect
TranslateMessage
GetMessageW
BeginPaint
SetWindowLongW

winspool.drv

ClosePrinter
DocumentPropertiesW
GetJobW
OpenPrinterW

advapi32

AllocateLocallyUniqueId
IsTextUnicode
GetFileSecurityW
EnumServicesStatusW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueW
OpenSCManagerW
QueryServiceConfigW
SetFileSecurityW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
QueryServiceStatus
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyW
GetServiceDisplayNameW
RegCloseKey

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pxa0
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

c2ee2df9c0892ed73e8ae4b89a9ea294

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

winspool.drv

advapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 14.1MB

.tls Size: 512B - Virtual size: 12B

.pxa0 Size: 653KB - Virtual size: 653KB

.rsrc Size: 4.4MB - Virtual size: 4.4MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 14.1MB

.tls
Size: 512B - Virtual size: 12B

.pxa0
Size: 653KB - Virtual size: 653KB

.rsrc
Size: 4.4MB - Virtual size: 4.4MB