elevator[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

elevator.exe
Size

315KB
MD5

73c4afd44c891cd8c5c6471f1c08cbfb
SHA1

3372f8ae05574924144cb9671fc455f6d7fc19e7
SHA256

eb9218ab72b011d8d5075fedeaaed45b3e6889ee5d31b53b617ce6951752f132
SHA512

fe8e07cf2b039ef421a24672435ce4dad506f2317355881b3484fa7bae61856428a54781632cc5bb0615dd07d9fa07d0ce20514dc611f863b55af89b8e77c822
SSDEEP

3072:8+bwPB64+8ZFjwMVuG74CHy/8c77uv6tvkNN0P3ohRogfhr8aTVcZXaKW:8+bwp64JjtVuG7Hy/7uv6tvNPsfHFK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
elevator.exe

Files

elevator.exe
.exe windows:6 windows x64 arch:x64

7cd0bbb42d4b316f99f5cabd76b4bcaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
CloseHandle
GetCurrentThread
TerminateProcess
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RtlCaptureContext
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlLookupFunctionEntry
GetLastError
FormatMessageW
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
WaitForSingleObject
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetThreadContext
GetCommandLineW
GetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
TryAcquireSRWLockExclusive
HeapReAlloc
AcquireSRWLockShared
GetModuleHandleW
GetModuleFileNameW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleMode
WriteConsoleW
GetThreadContext
GetSystemInfo
GetProcAddress
GetModuleHandleA
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId

advapi32

RegQueryValueExW
RegOpenKeyExW
SystemFunction036

psapi

EnumProcessModulesEx
GetModuleBaseNameW

user32

GetSystemMetrics

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_set_app_type
__p___argc
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
__p___argv
_initterm
_c_exit
_cexit
abort
_initterm_e
_exit
exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
free

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cd0bbb42d4b316f99f5cabd76b4bcaa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

psapi

user32

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 11KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 11KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 2KB - Virtual size: 1KB