controller[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

controller.exe
Size

3.3MB
MD5

04754a7b9eb785450822ce826809b854
SHA1

98a9875a3ca926bdf5e11cfc55788fa4a890b1da
SHA256

ad9c8996d6ef2ea7ebc6a2ac280fd534f54e0f637b56fe91298dd91b498181a9
SHA512

70003edea61a719116d1dc9208700f909afaff6862042eaef6c5ba566bbc8c46fdcf0964d5db82a05a8ac0d75d8d0374d8ef45efe999ca3a7a0d0473e7f399b9
SSDEEP

49152:rCBhtI6lXHavaCWzcjCP8KnFHwTvC6NZfJmSfSY7jwhs8xdDjtMSyfnX:OBhflKvIDPTnFPap7iNdDjtM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
controller.exe

Files

controller.exe
.exe windows:6 windows x64 arch:x64

faedbb015de3a31cdc62e0394e98eb33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlPcToFileHeader
NtReadFile
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlNtStatusToDosError
NtWriteFile
RtlGetVersion

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

kernel32

HeapSize
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
QueryPerformanceCounter
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetLastError
GetFileSizeEx
GetCurrentThreadId
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
LCMapStringW
CloseHandle
GetConsoleProcessList
CompareStringW
GetCommandLineW
GetStdHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FlsFree
FlsSetValue
FlsGetValue
DeviceIoControl
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
CreateFileA
SwitchToThread
GetConsoleMode
GetFileType
GetFileInformationByHandleEx
OutputDebugStringW
GetCommandLineA
GetProcessHeap
WriteFile
ReadFile
GetModuleHandleExW
TlsFree
TlsSetValue
SetEndOfFile
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalLock
GlobalSize
WideCharToMultiByte
GlobalUnlock
LeaveCriticalSection
MultiByteToWideChar
GlobalAlloc
EnterCriticalSection
RaiseException
GlobalFree
FreeLibrary
EncodePointer
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
CreateMutexA
GetEnvironmentVariableW
InitializeSListHead
GetModuleFileNameW
ReleaseMutex
GetCurrentProcess
CreateFileW
GetFileInformationByHandle
HeapFree
LoadLibraryA
FlsAlloc
GetModuleHandleA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetConsoleMode
ReleaseSRWLockShared
AcquireSRWLockShared
GetSystemTimeAsFileTime
ExitProcess
FindClose
CreateThread
FindFirstFileW
SetFilePointerEx
SetThreadErrorMode
LoadLibraryExW
GetProcAddress
Sleep
WaitForSingleObjectEx
GetCurrentThread
TryAcquireSRWLockExclusive
WaitForSingleObject
WriteConsoleW
SetLastError
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
GetFullPathNameW

user32

GetKeyState
ToUnicodeEx
RegisterWindowMessageA
GetKeyboardLayout
GetWindowPlacement
SetWindowPlacement
DestroyIcon
SendMessageW
SetWindowLongW
GetWindowLongW
GetMenu
AdjustWindowRectEx
GetActiveWindow
GetClipCursor
ClipCursor
ShowCursor
SystemParametersInfoA
PostMessageW
FindWindowExA
IsProcessDPIAware
GetClientRect
ChangeDisplaySettingsExW
GetWindowThreadProcessId
SetForegroundWindow
GetWindowRect
SendInput
MapVirtualKeyW
FindWindowW
ScreenToClient
RegisterClassExW
CreateWindowExW
GetDC
RegisterTouchWindow
GetSystemMetrics
GetUpdateRect
ValidateRect
GetRawInputData
GetKeyboardState
GetAsyncKeyState
MsgWaitForMultipleObjectsEx
GetWindowLongPtrA
PeekMessageW
PostThreadMessageW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
CloseTouchInputHandle
GetTouchInputInfo
DefWindowProcW
MapVirtualKeyA
ReleaseCapture
SetCapture
TrackMouseEvent
SetWindowLongPtrW
RegisterRawInputDevices
OpenClipboard
DispatchMessageW
TranslateMessage
GetMessageW
DestroyWindow
GetCursorPos
MessageBoxA
SetWindowDisplayAffinity
RedrawWindow
GetWindowLongPtrW
InvalidateRgn
SetWindowPos
ShowWindow
SetCursor
LoadCursorW
SetCursorPos
SendMessageA
MoveWindow
GetFocus
ClientToScreen
SetActiveWindow
SetWindowLongPtrA
SetWindowLongA

shell32

IsUserAnAdmin
DragFinish
DragQueryFileW

ole32

OleInitialize
RegisterDragDrop
CoInitializeEx
CoUninitialize
RevokeDragDrop
CoCreateInstance

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

winmm

timeEndPeriod
timeGetDevCaps
timeBeginPeriod

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

uxtheme

SetWindowTheme

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 658KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faedbb015de3a31cdc62e0394e98eb33

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

bcrypt

advapi32

kernel32

user32

shell32

ole32

imm32

winmm

gdi32

dwmapi

oleaut32

uxtheme

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 658KB - Virtual size: 657KB

.data Size: 4KB - Virtual size: 52KB

.pdata Size: 56KB - Virtual size: 56KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 658KB - Virtual size: 657KB

.data
Size: 4KB - Virtual size: 52KB

.pdata
Size: 56KB - Virtual size: 56KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 15KB - Virtual size: 14KB