executable[.]1000[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

executable.1000.exe
Size

26KB
MD5

82813b19d8cd596f0301035abfa942ff
SHA1

4c16050a6ad9b95ef6f7849ff7b1092db83f2794
SHA256

ae3162e384824cae25fe2c416b1b0316c80007b1d182523dc387f89e80c3bd67
SHA512

7ba00b817e453484f21b9555823d15b758ae3d276561ff6acaea036265c41ab7cbc416f1e34a4e7e71328d75b6c1a792a9bc9043f13485bcc3259d22dd3b5d3d
SSDEEP

768:FWkX7q+f5TYvVeZMmn+0C4xpMEbvKfPK:FX5fhuZE55vKfPK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
executable.1000.exe

Files

executable.1000.exe
.exe windows x64

a72a57a50050874d785495b82d201cf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
memset

ntdll

RtlSubAuthoritySid
RtlLengthRequiredSid
RtlFreeHeap
RtlCopySid
RtlAllocateHeap
RtlInitializeSid
RtlSubAuthorityCountSid
EtwEventWrite
RtlImageNtHeader
EtwEventRegister
RtlUnhandledExceptionFilter
EtwEventEnabled
RtlSetProcessIsCritical
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId

kernel32

LocalAlloc
CloseHandle
LocalFree
ExpandEnvironmentStringsW
WideCharToMultiByte
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
ExitProcess
GetCommandLineW
SetErrorMode
LoadLibraryExW
GetProcessHeap
CreateActCtxW
InitializeCriticalSection
ActivateActCtx
RegQueryValueExW
LeaveCriticalSection
lstrcmpW
lstrlenW
DeactivateActCtx
ReleaseActCtx
EnterCriticalSection
SetProcessAffinityUpdateMode
RegisterWaitForSingleObjectEx
RegOpenKeyExW
lstrcmpiW
HeapSetInformation
RegDisablePredefinedCacheEx
RegCloseKey
LCMapStringW
HeapFree
HeapAlloc

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AddAccessAllowedAce
GetLengthSid
InitializeAcl

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

rpcrt4

RpcServerUnregisterIf
RpcServerUseProtseqEpW
I_RpcMapWin32Status
RpcMgmtSetServerStackSize
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerListen
RpcServerUnregisterIfEx

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a72a57a50050874d785495b82d201cf8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-processthreads-l1-1-0

kernel32

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

rpcrt4

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 1020B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 84B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 1020B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 84B