xdxd[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

xdxd.exe
Size

8.1MB
MD5

3b0adf32b3e40b31c07df077a68a20cc
SHA1

a9930ab309507543038176bef004ab345cb4f2b8
SHA256

789dddf5a53841fa485137064223db3475d158d485d3852a6a7f9885e2353d32
SHA512

a48c062cd67d75ef9c2cbb5455c16c6b512f521c1e16cd0f44f32d3ce7f3cdff64542fc4cad895184e5daf9917110b128f8306f86dc2ccd090c0e2f3c1508d03
SSDEEP

196608:BjE5voTLDihv2dy0bVYCAy+Goz+XmNnYq0oaLAudS970qZh:BjyvoTXLbVYFVGEOm5YGacMBq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xdxd.exe

Files

xdxd.exe
.exe windows:6 windows x64

3b828a9531a9a859c2ac5c203d6a4327

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

gdi32

CreateRoundRectRgn

msvcp140

?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z

user32

ReleaseCapture

kernel32

OutputDebugStringW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

imm32

ImmSetCompositionWindow

advapi32

GetTokenInformation

normaliz

IdnToAscii

wldap32

ord30

crypt32

CertCreateCertificateChainEngine

ws2_32

gethostname

shell32

ShellExecuteW

rpcrt4

UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strchr

api-ms-win-crt-stdio-l1-1-0

fflush

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-runtime-l1-1-0

terminate

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-math-l1-1-0

_dsign

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._S?
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.{Cu
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.{u,
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b828a9531a9a859c2ac5c203d6a4327

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

d3dx9_43

gdi32

msvcp140

user32

kernel32

imm32

advapi32

normaliz

wldap32

crypt32

ws2_32

shell32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 748KB

.rdata Size: - Virtual size: 161KB

.data Size: - Virtual size: 5.1MB

.pdata Size: - Virtual size: 30KB

._S? Size: - Virtual size: 1.9MB

.{Cu Size: 5KB - Virtual size: 5KB

.{u, Size: 8.1MB - Virtual size: 8.1MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 748KB

.rdata
Size: - Virtual size: 161KB

.data
Size: - Virtual size: 5.1MB

.pdata
Size: - Virtual size: 30KB

._S?
Size: - Virtual size: 1.9MB

.{Cu
Size: 5KB - Virtual size: 5KB

.{u,
Size: 8.1MB - Virtual size: 8.1MB

.rsrc
Size: 512B - Virtual size: 480B