1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

2.6MB
MD5

153498c8c9ae04c389960b70f0976ba1
SHA1

323ff7e5ec81cbde3b7aacef741e4e2db93d89d7
SHA256

0a0ef8130c1efc20b40b80d61a192a4c45933ecef9bb106865bf7b8fe8771bc2
SHA512

650ae98a54430ede8e64ce8e60844896b20c50c70382d6efcda624d05290399a43bc33ddf90d826d6daf1164738a4befb3cc0e36826570c50c37afacd4a0c013
SSDEEP

49152:CPnF13gjtDGLiqXX5sTULDI3Nlkxzih1csQm:KbctDPNlkAhesQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.exe

Files

1.exe
.exe windows:5 windows x64

76a3cb4434dd89a7a84f8b4f9aeaa824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesExA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
GetACP
GetNumberFormatA
GetTempFileNameA
GetTempPathA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProfileIntA
Sleep
SearchPathA
VirtualProtect
FindResourceExW
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineA
GetStartupInfoW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
ExitThread
HeapSize
HeapQueryInformation
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapCreate
GetStdHandle
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
CompareStringW
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
lstrcmpA
GetModuleHandleW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
GetCurrentProcessId
GetModuleFileNameA
GlobalLock
GlobalUnlock
MulDiv
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
GetModuleHandleA
GetProcAddress
CompareStringA
LoadLibraryW
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
MultiByteToWideChar
lstrcmpW
lstrcmpiA
HeapSetInformation
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
GetCurrentDirectoryW
CreateThread
DeleteFileA
GetVersion
SetFileTime
WriteFile
CreateDirectoryA
GetFileAttributesA
LocalFileTimeToFileTime
lstrcatA
lstrlenA
lstrcpyA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CloseHandle
SetFilePointer
CreateFileA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FreeLibrary
LoadLibraryA
GetCurrentProcess
GetWindowsDirectoryA
GetDriveTypeW

user32

IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
SetClassLongPtrA
LoadMenuW
GetSystemMenu
DrawStateA
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
TranslateAcceleratorA
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
PostThreadMessageA
WaitMessage
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
NotifyWinEvent
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
DrawIconEx
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowPos
GetWindow
EnableWindow
GetClientRect
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
SetWindowLongA
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
DestroyIcon
IsIconic
LoadCursorW
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
CheckMenuItem
GetSysColorBrush
RealChildWindowFromPoint
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
UnregisterClassA
CharUpperA
GetSystemMetrics
MapVirtualKeyA
GetKeyNameTextA
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetCursorPos
WindowFromPoint
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GetNextDlgGroupItem
LoadImageA
CopyImage
GetIconInfo
OffsetRect
GetTopWindow
MessageBeep
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
UpdateWindow
IsWindow
MessageBoxA
MoveWindow
GetWindowRect
PostMessageA
KillTimer
SetTimer
wsprintfA
InvalidateRect
GetParent
SetCursor
LoadCursorA
SendMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
GetClassLongA
EnableMenuItem

gdi32

CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetObjectA
CreateFontIndirectA
GetStockObject
CreateSolidBrush
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetTextColor
GetTextFaceA
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
SelectPalette
GetObjectType
GetDeviceCaps
CreatePen
CreateHatchBrush
CopyMetaFileA
CreateDCA
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32A
SetRectRgn
CombineRgn
DPtoLP
GetTextMetricsA
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetBkColor

shell32

SHAppBarMessage
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW

ws2_32

WSAIoctl
setsockopt
__WSAFDIsSet
WSASetLastError
getsockopt
getpeername
freeaddrinfo
getaddrinfo
sendto
recvfrom
ioctlsocket
gethostname
htonl
ntohl
htons
inet_addr
WSACleanup
closesocket
WSAStartup
select
socket
WSAGetLastError
connect
recv
send
shutdown
gethostbyname
inet_ntoa
bind
listen
getsockname
ntohs
accept

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateFromHDC
GdipSetInterpolationMode
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

CryptDestroyHash
CryptDestroyKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
CryptEncrypt
CryptImportKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
CryptGetHashParam

ole32

CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
VarBstrFromDate
SysAllocString
SysFreeString

wldap32

ord46
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord41

crypt32

CertFreeCertificateContext

Exports

Exports

AddFile
AddFile1
RecvFile
SendFile

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76a3cb4434dd89a7a84f8b4f9aeaa824

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msimg32

comctl32

shlwapi

ws2_32

oleacc

gdiplus

imm32

winmm

winspool.drv

comdlg32

advapi32

ole32

oleaut32

wldap32

crypt32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 592KB - Virtual size: 591KB

.data Size: 32KB - Virtual size: 81KB

.pdata Size: 89KB - Virtual size: 89KB

text Size: 3KB - Virtual size: 2KB

data Size: 2KB - Virtual size: 1KB

.rsrc Size: 97KB - Virtual size: 100KB

.reloc Size: 77KB - Virtual size: 77KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 592KB - Virtual size: 591KB

.data
Size: 32KB - Virtual size: 81KB

.pdata
Size: 89KB - Virtual size: 89KB

text
Size: 3KB - Virtual size: 2KB

data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 97KB - Virtual size: 100KB

.reloc
Size: 77KB - Virtual size: 77KB