path[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

path.exe
Size

5.5MB
MD5

c6eaeae3cab85586271aa8e94a1d3de8
SHA1

4b7b23bf9e9e966ffcf21e8306f31765b993ae23
SHA256

c91c71046f15cc7f5dc4bb4e1e14b5a7a3329ea95954a245c47e181c808a70d2
SHA512

6ec08f95e66ec4a00c72a5a257bcfbbacad09b8a2de4168780373e76fef6951dc0a830b2eb129799dea8dbdc30eb10bc73061aeeab4ce8074f3bb6ede9e7cc81
SSDEEP

98304:kbRAQ153wREw3in++rfIU41iDT2Ih4F6ZoXAaAvbAVKwnUy10Cy0bu68R4pQfd/i:kbRAQ153wREw3in++rfIU41iDT2Ih4FP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
path.exe

Files

path.exe
.exe windows:6 windows x86

2a872a3ac9b7085812c17293086faa8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetConsoleMode
CancelIo
ReadFile
CreateEventW
GetFinalPathNameByHandleW
EnterCriticalSection
LoadLibraryA
GetFullPathNameW
DeleteFileW
FindFirstFileW
GetFileInformationByHandleEx
FindNextFileW
CreateMutexA
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
LoadLibraryExW
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
CreateNamedPipeW
FreeLibrary
GetEnvironmentVariableW
WaitForSingleObjectEx
SetFileTime
AcquireSRWLockShared
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
GetProcessHeap
HeapAlloc
HeapFree
GetOverlappedResult
FormatMessageW
WaitForMultipleObjects
SetEvent
WaitForSingleObject
SleepConditionVariableSRW
ReleaseSRWLockShared
Sleep
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
WriteConsoleW
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
GetTempPathW
TerminateProcess
lstrlenW
GetProcAddress
LoadLibraryW
LCIDToLocaleName
GetUserDefaultUILanguage
TlsSetValue
TlsGetValue
TryAcquireSRWLockExclusive
GetModuleHandleW
GetLastError
ReadFileEx
SleepEx
SetUnhandledExceptionFilter
OpenProcess
IsProcessorFeaturePresent
WriteFileEx
GetFileInformationByHandle
SetFileAttributesW
MoveFileExW
VirtualAllocEx
CreateRemoteThread
GetExitCodeThread
WriteProcessMemory
VirtualFreeEx
SetHandleInformation
GetStdHandle
GetTickCount64
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
CreateDirectoryW
SetFilePointerEx
GetProcessTimes
GetExitCodeProcess
DuplicateHandle
GetCurrentProcessId
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
CreateFileW
DeviceIoControl
IsWow64Process
GetCurrentProcess
CreateSymbolicLinkW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlCaptureContext
GetCurrentThread
RtlUnwind
RaiseException
SwitchToThread
GetSystemTimes
GetProcessIoCounters
GetSystemInfo
CloseHandle
GetCurrentThreadId
ReleaseSRWLockExclusive
CreateHardLinkW
AcquireSRWLockExclusive
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
FindClose
ReleaseMutex
FreeEnvironmentStringsW
EncodePointer

user32

AppendMenuW
CreateMenu
SetMenuItemInfoW
ToUnicodeEx
GetKeyboardLayout
DestroyWindow
RedrawWindow
GetCursorPos
IsProcessDPIAware
GetDC
CreateAcceleratorTableW
GetSystemMenu
PostQuitMessage
SendMessageW
PostMessageW
SetForegroundWindow
SendInput
ReleaseCapture
SetMenu
ClientToScreen
GetForegroundWindow
MessageBoxW
GetActiveWindow
LoadCursorW
CreateIcon
DispatchMessageA
SetWindowTextW
GetClientRect
GetRawInputData
ShowWindow
CheckMenuItem
SetCursorPos
EnableMenuItem
SetWindowPos
VkKeyScanW
InvalidateRgn
SetCursor
MapVirtualKeyW
MapVirtualKeyExW
GetMessageW
GetAncestor
TranslateAcceleratorW
GetAsyncKeyState
GetKeyState
GetKeyboardState
SetWindowDisplayAffinity
MonitorFromPoint
EnumDisplayMonitors
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetMenu
GetWindowRect
SetCapture
SetWindowLongW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
DestroyIcon
DestroyAcceleratorTable
TranslateMessage
DispatchMessageW
RegisterClassExW
RegisterWindowMessageA
SystemParametersInfoA
EnumChildWindows
PostThreadMessageW
GetMessageA
DefWindowProcW
FlashWindowEx
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetMonitorInfoW
MonitorFromWindow
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
MonitorFromRect
ChangeDisplaySettingsExW
GetUpdateRect
ValidateRect
GetWindowPlacement
SetWindowPlacement
PeekMessageW

ws2_32

send
ioctlsocket
WSASocketW
getaddrinfo
recv
setsockopt
select
getsockopt
freeaddrinfo
WSACleanup
WSAStartup
closesocket
connect
WSAGetLastError

secur32

AcquireCredentialsHandleA
LsaEnumerateLogonSessions
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
FreeContextBuffer
DecryptMessage
LsaGetLogonSessionData
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
LsaFreeReturnBuffer

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertGetCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateStore

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
RegisterDragDrop
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
RevokeDragDrop
CoTaskMemAlloc

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

shell32

SHCreateItemFromParsingName
DragFinish
SHGetKnownFolderPath
DragQueryFileW

uxtheme

SetWindowTheme

advapi32

OpenProcessToken
RegGetValueW
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
RegCloseKey

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantClear
SysStringLen
SetErrorInfo

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

pdh

PdhCloseQuery
PdhOpenQueryA
PdhAddEnglishCounterW
PdhRemoveCounter
PdhCollectQueryData
PdhGetFormattedCounterValue

ntdll

NtQuerySystemInformation

iphlpapi

FreeMibTable
GetIfEntry2
GetAdaptersAddresses
GetIfTable2

powrprof

CallNtPowerInformation

netapi32

NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree

psapi

GetPerformanceInfo
GetModuleFileNameExW

api-ms-win-crt-math-l1-1-0

floor
trunc
__setusermatherr
round

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
wcsncmp
_wcsicmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
calloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_controlfp_s
terminate
abort
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_narrow_environment
__p___argv
__p___argc
_get_initial_narrow_environment
_exit
_configure_narrow_argv
_seh_filter_exe
exit
_initterm_e
_crt_atexit
_set_app_type
_initterm

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a872a3ac9b7085812c17293086faa8c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

secur32

crypt32

comctl32

ole32

gdi32

dwmapi

shell32

uxtheme

advapi32

oleaut32

bcrypt

pdh

ntdll

iphlpapi

powrprof

netapi32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 61KB - Virtual size: 60KB

.reloc Size: 130KB - Virtual size: 130KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 61KB - Virtual size: 60KB

.reloc
Size: 130KB - Virtual size: 130KB