Sy[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Sy.exe
Size

314KB
MD5

b386e1e431f39037ceb30e91a63e24ed
SHA1

a1ed41073786093bb0a39fa308843d8b0d683971
SHA256

15e03f9108af36c23efa57ef9f3fbe1f111c4fdf82e542ac5a5d69dc2c43d24d
SHA512

7529134ed3c1cf840c82b81d213ad9b1b65fcee61640221a702cd828b528de6f32459dfbf8c80ced75e47e51c4c0107ce1a54da62edd3259096ee388f2e174d6
SSDEEP

6144:aphY+gthzn+wtXH+JzpqoSopUgFFSfOqoJ0qW55s/WkDPl:aoN7z+s30zpLfFOh60qW5WlDPl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Sy.exe

Files

Sy.exe
.exe windows:5 windows x86

3ab151ffc8724fc059f91a399cced816

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord88
ord127
ord41
ord26
ord79
ord142
ord224
ord46
ord27
ord16
ord13
ord147
ord167
ord208
ord145
ord140
ord36
ord14
ord73

kernel32

GetThreadPriority
GetStringTypeW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetFilePointerEx
GetConsoleMode
HeapReAlloc
LoadLibraryW
WriteFile
WideCharToMultiByte
CreateFileW
MultiByteToWideChar
CompareStringW
lstrlenW
GetThreadLocale
GetLastError
Sleep
UnregisterWait
SetStdHandle
WriteConsoleW
GetConsoleCP
TlsGetValue
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
CloseHandle
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
HeapAlloc
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
GetCommandLineW
RaiseException
RtlUnwind
IsProcessorFeaturePresent
CreateThread
ExitThread
LoadLibraryExW
HeapFree
InitializeCriticalSectionAndSpinCount
SignalObjectAndWait
CreateTimerQueueTimer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
CreateTimerQueue
IsDebuggerPresent
GetStdHandle
GetModuleFileNameW
GetProcessHeap
HeapSize
GetFileType
InterlockedIncrement
GetACP
FreeLibrary
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
OutputDebugStringW
SwitchToThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
SetEvent
CreateEventW
SetThreadPriority
GetTickCount
GetVersionExW
VirtualAlloc

advapi32

LookupAccountSidW
ConvertStringSidToSidW

iphlpapi

SendARP

ws2_32

inet_ntoa
inet_addr
WSAStartup
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

netapi32

NetApiBufferFree
NetSessionEnum
NetLocalGroupGetMembers
NetGroupGetUsers

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ab151ffc8724fc059f91a399cced816

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

advapi32

iphlpapi

ws2_32

mpr

netapi32

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 9KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 9KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 40KB - Virtual size: 40KB