superman[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

superman.exe
Size

697KB
MD5

a08a64a1d3001371c232ed23c6152ba1
SHA1

0a6276e86b6cd12c8b2c9352d3bf11e926d9d504
SHA256

2f8a32618e3a0c63350ae6fb2c4cd334e3770d395eafe622988a62688dc76cf9
SHA512

326e8fa7b051fc9534d08e168da49ce4d28a923fb5a28c8746e474ab39f201b5baf8ddca255db7b8f7fdadb26454770a166975ba539dd569a1a8d881e20f6cb9
SSDEEP

12288:xyICxKeZYbXCQaKVtTFZVZsWZAGl7F+lewhnAjJEX6MKJZ:xqx3ZYbNaKPTFfZdAGdFSemOJEX6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
superman.exe

Files

superman.exe
.exe windows:6 windows x64

e5a5e3d8b64a09a243e200c5b2600231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCaptureContext
NtQueryInformationProcess
RtlGetVersion
NtWriteFile
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtQuerySystemInformation
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader

advapi32

QueryServiceStatus
IsValidSid
GetTokenInformation
OpenProcessToken
CreateServiceA
StartServiceA
LookupAccountSidW
CopySid
SystemFunction036
OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
GetLengthSid

iphlpapi

FreeMibTable
GetAdaptersAddresses
GetIfEntry2
GetIfTable2

kernel32

HeapSize
FlushFileBuffers
GetConsoleOutputCP
SetFilePointerEx
GetLogicalDrives
LCMapStringW
HeapFree
HeapReAlloc
GetLastError
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
lstrlenW
GetStdHandle
GetFileType
GetFileInformationByHandleEx
GetSystemInfo
SwitchToThread
SleepConditionVariableSRW
WakeAllConditionVariable
CloseHandle
WakeConditionVariable
ReleaseMutex
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
Sleep
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW
GetModuleFileNameW
TryAcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetCurrentThread
GetProcAddress
HeapAlloc
GetProcessHeap
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindClose
GetFileInformationByHandle
WaitForSingleObject
GetModuleHandleW
FormatMessageW
ExitProcess
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
CreateThread
GetSystemTimeAsFileTime
DeviceIoControl
CreateSemaphoreA
SetConsoleCtrlHandler
CreateFileA
GetDiskFreeSpaceExW
GetDriveTypeW
GetVolumeInformationW
OpenProcess
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
VirtualQueryEx
ReadProcessMemory
GetTickCount64
GlobalMemoryStatusEx
GetExitCodeProcess
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
TerminateProcess
WriteFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
EncodePointer
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

netapi32

NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree

oleaut32

SysFreeString
VariantClear
SysAllocString

pdh

PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
GetModuleBaseNameW
EnumProcessModulesEx
GetProcessMemoryInfo
GetModuleFileNameExW

secur32

LsaGetLogonSessionData
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

shell32

CommandLineToArgvW
SHGetKnownFolderPath

bcrypt

BCryptGenRandom

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5a5e3d8b64a09a243e200c5b2600231

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

iphlpapi

kernel32

netapi32

ole32

oleaut32

pdh

powrprof

psapi

secur32

shell32

bcrypt

Sections

.text Size: 461KB - Virtual size: 461KB

.rdata Size: 197KB - Virtual size: 197KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 27KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 461KB - Virtual size: 461KB

.rdata
Size: 197KB - Virtual size: 197KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 27KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 5KB - Virtual size: 5KB