Static task: static1
Behavioral task: behavioral1
  Sample: superman.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: superman.exe
  Resource: win10v2004-20230915-en
General
Target: superman.exe
Size: 700KB
MD5: 2a835322816d6078d9069f107f3c94d8
SHA1: aca6072141ddf90ae07cd8c05d60ea46a12ae710
SHA256: d8ea4c260ca96f0446e5d3ac62a84c66cff5cea0adf35b08e406309c44bff473
SHA512: e366a3412fb50ab35530dc0d80bd3c14d4518fb84f2b6fdd84d07ba526f16f73a37b3b3d892acd59b43d55fd077c9fc7ecaf1a59dce6d1c19edbbf464dcdbc63
SSDEEP: 12288:t+XZ9aQg+Yzt80Z6sX+pmgVusbbC6qNSEa7NMMTjMjJEX66KPx:tW/aQ8t80PEVusbVRMzJEX6B
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: superman.exe
Files
superman.exe.exe (windows:6 windows x64)
6c0dee077437d85ddb4b0dbf980e4d47
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll: RtlCaptureContext, NtQueryInformationProcess, NtQuerySystemInformation, RtlGetVersion, RtlLookupFunctionEntry, RtlVirtualUnwind, RtlUnwindEx, RtlPcToFileHeader
advapi32: StartServiceA, CopySid, GetLengthSid, IsValidSid, GetTokenInformation, OpenProcessToken, SystemFunction036, OpenSCManagerA, OpenServiceA, ControlService, DeleteService, CloseServiceHandle, CreateServiceA, LookupAccountSidW
iphlpapi: FreeMibTable, GetAdaptersAddresses, GetIfEntry2, GetIfTable2
kernel32: GetConsoleOutputCP, SetFilePointerEx, FlushFileBuffers, HeapFree, HeapReAlloc, GetConsoleMode, SetConsoleMode, GetLastError, GetStdHandle, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, ReleaseSemaphore, lstrlenW, GetFileType, GetFileInformationByHandleEx, GetSystemInfo, SwitchToThread, SleepConditionVariableSRW, WakeAllConditionVariable, CloseHandle, WakeConditionVariable, ReleaseMutex, ReleaseSRWLockShared, AddVectoredExceptionHandler, SetThreadStackGuarantee, Sleep, SetLastError, GetCurrentDirectoryW, GetEnvironmentVariableW, GetCommandLineW, GetModuleFileNameW, TryAcquireSRWLockExclusive, GetCurrentProcess, GetCurrentThread, GetProcAddress, HeapAlloc, GetProcessHeap, AcquireSRWLockShared, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, GetModuleHandleA, CreateFileW, DeleteFileW, FindFirstFileW, FindClose, GetFileInformationByHandle, WaitForSingleObject, GetModuleHandleW, FormatMessageW, ExitProcess, GetFullPathNameW, MultiByteToWideChar, WriteConsoleW, CreateThread, GetSystemTimeAsFileTime, DeviceIoControl, CreateFileA, CreateSemaphoreA, SetConsoleCtrlHandler, GetDiskFreeSpaceExW, GetDriveTypeW, GetVolumeInformationW, OpenProcess, GetProcessTimes, GetSystemTimes, GetProcessIoCounters, LocalFree, VirtualQueryEx, ReadProcessMemory, GetTickCount64, GlobalMemoryStatusEx, GetExitCodeProcess, GetLogicalDrives, EncodePointer, InitializeSListHead, GetCurrentThreadId, HeapSize, GetStringTypeW, SetStdHandle, LCMapStringW, CompareStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, GetCommandLineA, WriteFile, GetModuleHandleExW, TerminateProcess, LoadLibraryExW, FreeLibrary, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, RaiseException
netapi32: NetUserEnum, NetUserGetInfo, NetUserGetLocalGroups, NetApiBufferFree
ole32: CoInitializeEx, CoUninitialize, CoSetProxyBlanket, CoCreateInstance, CoInitializeSecurity, CoTaskMemFree
oleaut32: VariantClear, SysAllocString, SysFreeString
pdh: PdhCloseQuery, PdhRemoveCounter, PdhGetFormattedCounterValue, PdhCollectQueryData, PdhAddEnglishCounterW, PdhOpenQueryA
powrprof: CallNtPowerInformation
psapi: GetPerformanceInfo, GetProcessMemoryInfo, EnumProcessModulesEx, GetModuleBaseNameW, GetModuleFileNameExW
secur32: LsaEnumerateLogonSessions, LsaGetLogonSessionData, LsaFreeReturnBuffer
shell32: CommandLineToArgvW, SHGetKnownFolderPath
bcrypt: BCryptGenRandom
Sections
.text Size: 480KB - Virtual size: 479KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 190KB - Virtual size: 190KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 20KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ