CrossHair[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CrossHair.exe
Size

100KB
MD5

2a998cc0d749eaac61ac9d8a2070cd0f
SHA1

fbab141401421d7247523c680e78ae73f2ad68f9
SHA256

1f410c418185a42ecf39cc86d32888cc262b4cbdc65d139051a4779e061c7114
SHA512

a3475124ea498c65d78caa9b9aedf92af9f051d41a0b52a128841d3e8b4db28aeda936f5e0405d314825c5aaa62fad1501d295ebb1af7f95e235420167c59379
SSDEEP

768:VQWjCJ8AJwnilNVYpnpGZb3lKG1tiHMJwim5aOLTxjzm9KcOTOv+CMACouAHjh2o:PCj2iz+GZblKKSRjRcOTOPLUANfKgBMc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CrossHair.exe

Files

CrossHair.exe
.exe windows:4 windows x86

1bbac411b215379784a99366d29f8d65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSection
GetVersionExA
Sleep
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
SetHandleCount
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
OpenProcess
TerminateProcess
CloseHandle
GetModuleFileNameA
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLastError
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
LoadLibraryW
WideCharToMultiByte
HeapSize
WriteFile

user32

CopyIcon
SetForegroundWindow
RegisterHotKey
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterHotKey
LoadCursorA
UnregisterClassA
RegisterClassExA
DefWindowProcA
PostQuitMessage
ShowWindow
SetTimer
CreateWindowExA
GetCursorPos
OpenInputDesktop
CloseDesktop
DestroyWindow
KillTimer
SetDlgItemTextA
LoadImageA
SetSystemCursor
DestroyCursor
FindWindowExA
DialogBoxParamA
SetWindowLongA
GetWindowLongA
CheckDlgButton
GetSystemMetrics
GetWindowRect
SetWindowPos
MessageBoxA
IsDlgButtonChecked
PostMessageA
IsWindow
GetWindowThreadProcessId
SendDlgItemMessageA
InvalidateRect
EndDialog
GetDlgItem
EnableWindow

gdi32

CreateSolidBrush
DeleteObject

comdlg32

ChooseColorA

shell32

ShellExecuteA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bbac411b215379784a99366d29f8d65

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

shell32

advapi32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 4KB