msoobe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

msoobe.exe
Size

143KB
MD5

cb009d244fe3a1b4667523dfcb30afc2
SHA1

5ed1f1d7046dcfadda91e46edd47398ffe39cc16
SHA256

298390ab805a9622ee11f11087cadb9f9ad0ecbc7f0eefef10f12490df086ae8
SHA512

5eb62507abd5270c3c5e476eea8f34e02a78952441ec5138da5ad6d46c2c681c894ef4cd0bbb9043fede72ce4873af6739ab779a08729cc2d09aabaeeb4dedbe
SSDEEP

3072:L+EdM9+V/9E+WlSJujAiJICvnqzc55cNE/E4ji:LldrV/y+WQAjAYICqzc7cNE/Fji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msoobe.exe

Files

msoobe.exe
.exe windows:10 windows x86

693a84689d47543cd60a1de82ec70e5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EventRegister
EventUnregister
RegUnLoadKeyW
RegLoadKeyW
OpenSCManagerW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
QueryServiceStatus
CloseServiceHandle
ControlService
StartServiceW
OpenServiceW
RegDeleteKeyW

kernel32

lstrcmpiW
LocalAlloc
GetVersionExW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoA
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
OutputDebugStringA
GetModuleFileNameW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetModuleHandleA
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
LoadLibraryW
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
OpenMutexW
CreateMutexW
HeapSetInformation
LoadLibraryExW

msvcrt

memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
__p__fmode
_cexit
_exit
exit
memmove
wcschr
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
malloc
free
_wcsnicmp
wcsrchr
_vsnprintf
_wtol
_purecall
strtok_s
_ismbblead
__setusermatherr
_initterm
_acmdln
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
_except_handler4_common
memset

propsys

PropVariantToBoolean
PropVariantToUInt32
PSCreateMemoryPropertyStore
PropVariantToStringAlloc

shell32

SHGetFolderPathEx
ord102

shlwapi

SHEnumKeyExW
ord278
ord219
SHCreateStreamOnFileW
SHCreateThreadRef
ord631
PathAppendW
StrCmpIW
SHSetThreadRef
ord437
ord215
SHStrDupW
ord460

api-ms-win-core-com-l1-1-1

CoCreateInstance
CoGetApartmentType
CoWaitForMultipleHandles
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoGetMalloc
StringFromCLSID
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoSetProxyBlanket

api-ms-win-core-synch-l1-2-0

Sleep
CreateEventExW
InitOnceBeginInitialize
ResetEvent
OpenEventW
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceComplete
SetEvent
CreateEventW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

TlsSetValue
TerminateProcess
TlsFree
TlsAlloc
GetCurrentProcess
CreateThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWrite
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteTreeW
RegEnumValueW
RegSetValueExW
RegCloseKey
RegGetValueW
RegOpenKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CallbackMayRunLong

api-ms-win-core-file-l1-2-1

CreateFileW
FlushFileBuffers

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
FreeLibraryAndExitThread

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-localization-l1-2-1

GetThreadUILanguage
GetUserGeoID

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
SysAllocString
SysStringLen

comctl32

ord339
ord334
ord329
ord386
ord328
ord336

msctfmonitor

InitLocalMsCtfMonitor
UninitLocalMsCtfMonitor

ntdll

RtlFreeHeap
RtlAllocateHeap
WinSqmStartSession
WinSqmEndSession
WinSqmSetDWORD

user32

EnumDisplaySettingsW
PostQuitMessage
IsHungAppWindow
DefWindowProcW
PostMessageW
DestroyWindow
PostThreadMessageW
SetCursor
GetSystemMetrics
DispatchMessageW
PeekMessageW
LoadCursorW
MsgWaitForMultipleObjectsEx
TranslateMessage

crypt32

CertFindExtension
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptDecodeObjectEx
CryptBinaryToStringW
CertFreeCertificateContext

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

693a84689d47543cd60a1de82ec70e5d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

propsys

shell32

shlwapi

api-ms-win-core-com-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-1

oleaut32

comctl32

msctfmonitor

ntdll

user32

crypt32

api-ms-win-service-management-l2-1-0

Sections

.text Size: 122KB - Virtual size: 122KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 122KB - Virtual size: 122KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 6KB