mcbuilder[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mcbuilder.exe
Size

296KB
MD5

1b9b66761b6099de900956910fa98ff5
SHA1

c01427b78781299c9484911483ffb928b2ccf285
SHA256

6d37ea8a1b4d689782301be1aef394b380d2308d40eba55a0021cd311cc14ee1
SHA512

5e5c4e52039178e35452a54f6fefb0c57af7e60c2b38c9e411b686fe360566d2822b656c4311bae2415de5042cad7002021cb76ac74320080737bec00511f127
SSDEEP

3072:ndw8O3YG94QzDYltKTw9Z4pNQC2mC3ka/mMXjU4Q+ADBNJjR8yKTdX5LnduWLwyO:4zDYl8TgqYkqmPnfr90dbnwy+Yvv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mcbuilder.exe

Files

mcbuilder.exe
.exe windows:10 windows x86

750632503598c043b72e4b312a659cce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegEnumValueW
RegOpenKeyExW
RegFlushKey
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
GetSystemTimeAsFileTime
GetSystemPreferredUILanguages
LoadLibraryW
GetSystemTime
FreeResource
GetFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExW
GetSystemDirectoryW
MoveFileExW
CreateDirectoryW
GetFileAttributesW
FlushViewOfFile
RemoveDirectoryW
DeleteFileW
GetLastError
LCIDToLocaleName
FindClose
EnumUILanguagesW
GetSystemDefaultUILanguage
FindNextFileW
FindFirstFileW
SystemTimeToFileTime
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
GetStringTypeW
SetLastError
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
CloseHandle
GetFileType
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
IsValidLocale
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CompareStringW
LCMapStringW
CreateFileW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
WriteConsoleW
DecodePointer
RaiseException
FlsAlloc
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemWindowsDirectoryW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
GetFileAttributesExW
SetFileAttributesW
ExpandEnvironmentStringsW
GlobalMemoryStatusEx
DeviceIoControl
GetDiskFreeSpaceExW
LocalFree

ntdll

RtlInitUnicodeString
NtUnmapViewOfSection
RtlUnwind
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlFreeHeap
RtlExpandEnvironmentStrings
RtlReAllocateHeap
RtlGetSystemPreferredUILanguages
EtwEventEnabled
RtlAllocateHeap
NtMapViewOfSection
RtlNtStatusToDosError
RtlUnicodeStringToInteger

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

750632503598c043b72e4b312a659cce

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

wkscli

netutils

Sections

.text Size: 263KB - Virtual size: 262KB

PAGELK Size: 5KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 14KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 263KB - Virtual size: 262KB

PAGELK
Size: 5KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 14KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB