App1234[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

App1234.exe
Size

4.0MB
MD5

e8a7ed6986b1178188c27b9761f39762
SHA1

3693c63cbe3ca5812d69b6afc64aff27fcd486ba
SHA256

e7df475c90b173430ea4bc85e2006a7e03b7ada50323c1e9fc6dc85d6265a18f
SHA512

f561b04e9402ad93a2c43e3c2f3ac264c9f7dad7a133fc0bcb5d5f682d2f6c7e0935c1da3855840c834c63459b1566fd5cace8c0f438e883e489bbfc4663afea
SSDEEP

98304:B3CNpyBPtb7dRfe/HEkxUzTFDxbIVZNjn98ftpkHf:B2Itb7dRfe/HEeUzTXYbu7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
App1234.exe

Files

App1234.exe
.exe windows:6 windows x86

e77b2b68e7e98ffac68641bdc168e821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
MultiByteToWideChar
WriteConsoleW
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandleEx
RtlCaptureContext
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetCurrentThread
GetProcAddress
ReleaseMutex
CreateMutexA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
DeleteFileW
SetFileInformationByHandle
CopyFileExW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetProcessTimes
TlsFree
GetProcessIoCounters
LoadLibraryA
WaitForSingleObjectEx
TlsGetValue
TlsSetValue
GetTickCount64
AcquireSRWLockExclusive
InitOnceComplete
TlsAlloc
GetLogicalDrives
HeapReAlloc
InitOnceBeginInitialize
SwitchToThread
SetHandleInformation
HeapFree
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
FreeLibrary
AddVectoredExceptionHandler
SetFilePointerEx
VirtualQuery
LoadLibraryExW
IsProcessorFeaturePresent
TerminateProcess
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetFinalPathNameByHandleW
GetFileInformationByHandle
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetSystemInfo
GetModuleHandleA
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeSListHead
Sleep
IsDebuggerPresent
GetComputerNameExW
WakeAllConditionVariable
SleepConditionVariableSRW
GetExitCodeProcess
WaitForSingleObject
GetLastError
GetOverlappedResult
WaitForMultipleObjects
GetConsoleMode
CloseHandle
WakeConditionVariable
GetSystemTimes

crypt32

CryptUnprotectData
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateStore
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain

advapi32

IsValidSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
SystemFunction036
OpenProcessToken
GetTokenInformation
CopySid
GetLengthSid

user32

GetMonitorInfoW
EnumDisplayMonitors
GetSystemMetrics
EnumDisplaySettingsExW

gdi32

DeleteObject
CreateDCW
GetObjectW
GetDIBits
SetStretchBltMode
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
DeleteDC

bcrypt

BCryptGenRandom

ws2_32

getsockopt
shutdown
WSASend
bind
WSASocketW
closesocket
ioctlsocket
getaddrinfo
freeaddrinfo
WSAIoctl
setsockopt
send
WSACleanup
recv
getsockname
WSAGetLastError
getpeername
connect
WSAStartup

ntdll

NtWriteFile
NtReadFile
NtDeviceIoControlFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtQuerySystemInformation
NtCreateFile

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcceptSecurityContext
LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer
InitializeSecurityContextW
DecryptMessage
QueryContextAttributesW
AcquireCredentialsHandleA
ApplyControlToken

psapi

GetPerformanceInfo
EnumProcessModules
GetModuleFileNameExW
GetModuleInformation

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
CoSetProxyBlanket

iphlpapi

FreeMibTable
GetIfTable2
GetAdaptersAddresses
GetIfEntry2

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo
NetUserGetLocalGroups

pdh

PdhOpenQueryA
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

powrprof

CallNtPowerInformation

oleaut32

SysAllocString
GetErrorInfo
SysStringLen
SysFreeString
VariantClear

vcruntime140

memcpy
memset
memmove
memcmp
_CxxThrowException
__CxxFrameHandler3
strrchr
_except_handler4_common
__current_exception
__current_exception_context

api-ms-win-crt-string-l1-1-0

strcmp
strlen
strncmp
strcspn

api-ms-win-crt-math-l1-1-0

log10
log
_dclass
pow
ceil
round
exp2
__setusermatherr
floor

api-ms-win-crt-heap-l1-1-0

malloc
_msize
_set_new_mode
realloc
free

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm_e
_initialize_narrow_environment
exit
_exit
__p___argc
__p___argv
_cexit
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_beginthreadex
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_endthreadex
_set_app_type

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e77b2b68e7e98ffac68641bdc168e821

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

advapi32

user32

gdi32

bcrypt

ws2_32

ntdll

secur32

psapi

ole32

iphlpapi

netapi32

pdh

powrprof

oleaut32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 18KB - Virtual size: 20KB

.reloc Size: 101KB - Virtual size: 100KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 18KB - Virtual size: 20KB

.reloc
Size: 101KB - Virtual size: 100KB