wXyswzO[.]exe | Triage

Resubmissions

11/12/2023, 21:23

231211-z8sa7aahh7 7

11/12/2023, 21:19

231211-z6ex3shehp 7

Sharing

Copy URL Twitter E-mail

General

Target

wXyswzO.exe
Size

4.8MB
MD5

407f520c9b8fddb1575f7e7d90b7aa83
SHA1

7e8348658a80e2800595fc6a5335e6d2a2e91bc3
SHA256

7c614b4dcb8499e0e28ebbba75cb4acec3b669b48dd01155200f4840c26cbe74
SHA512

2be76c89fb7cf109150dcedfc5704a0a650c4431b846d96e7382e7685a0bc4dce92a2ba9502dd6d3c6b2e422ffbe1e4918c2545bd6dce277e2464bf8f8f511c9
SSDEEP

49152:nWsSI0VYr+Q5eyHg+yA7sSwCi8P2KfTJRH6SvjPxwHcLFOJC4FKkMUkZBD8Y+ar1:+IEUN7sS88hNVDGSqcJHQEiYxiRkohe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wXyswzO.exe

Files

wXyswzO.exe
.exe windows:6 windows x64 arch:x64

31e429712ad0944204bc4672d5773504

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

crypt32

CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CryptUnprotectData
CertDuplicateCertificateChain
CertOpenStore
CertAddCertificateContextToStore
CertDuplicateStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChain

kernel32

UnlockFileEx
IsDebuggerPresent
HeapFree
GetProcessHeap
HeapAlloc
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
SwitchToThread
FindNextFileW
GetLastError
FindClose
CopyFileExW
GetSystemInfo
HeapReAlloc
SleepConditionVariableSRW
WakeAllConditionVariable
SetStdHandle
FreeConsole
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetQueuedCompletionStatusEx
SetLastError
GetFinalPathNameByHandleW
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetHandleInformation
WakeConditionVariable
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtWriteFile
NtReadFile

ws2_32

connect
getsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
WSASend
shutdown
bind
getpeername
WSASocketW
setsockopt
ioctlsocket
WSAGetLastError
WSAIoctl
getsockname
closesocket

secur32

FreeCredentialsHandle
ApplyControlToken
FreeContextBuffer
QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA
EncryptMessage
DeleteSecurityContext

vcruntime140

__current_exception
__current_exception_context
__C_specific_handler
strrchr
memmove
memcmp
__CxxFrameHandler3
memset
memcpy

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strspn
strlen
strcmp

api-ms-win-crt-math-l1-1-0

log
pow
__setusermatherr

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
realloc
_msize
free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_c_exit
_cexit
__p___argv
__p___argc
_exit
_beginthreadex
_endthreadex
_register_onexit_function
exit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

31e429712ad0944204bc4672d5773504

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

advapi32

crypt32

kernel32

ntdll

ws2_32

secur32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 25KB - Virtual size: 27KB

.pdata Size: 90KB - Virtual size: 89KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 25KB - Virtual size: 27KB

.pdata
Size: 90KB - Virtual size: 89KB

.reloc
Size: 26KB - Virtual size: 26KB