Static task: static1
Behavioral task: behavioral1
Sample: Elexe.exe
Resource: win10-20231215-en
General
Target: Elexe.exe
Size: 3.8MB
MD5: c518318a9f8ab544e3b0c6771dac10df
SHA1: 6a22586175b6fad7de878c453706ff06faa10da2
SHA256: 7d73a9011dd9a0c734eb8e845269c61631911341d6d4129ffdfb99e181bd9818
SHA512: 4d46c5db02883717cbaca6c70ed3ef327c7a6142613d6fa6e93169cb4b232ed8f7da718576ae0a2b98528272e18ae4c57b50d2746dd3d5d09225998d05dcde13
SSDEEP: 98304:NW2eyqNwkoUJwAheAjETw9jLIJ/SeUowlWYCS1F6cqm8Yf8EXp3bR/t+hXXdWUHE:NW2eyqNwkoUJwAheAjETw9jLIJ/SeUo1
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: Elexe.exe
Files
Elexe.exe (.exe, windows:6, windows x86, arch:x86)
644b4af2790bb7acc1bf2354a767c972
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi: AssocQueryStringW
ntdll: RtlNtStatusToDosError, NtDeviceIoControlFile, NtCreateFile, RtlCaptureContext, NtCancelIoFileEx, NtQuerySystemInformation
bcrypt: BCryptGenRandom
kernel32: SetConsoleCursorPosition, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetConsoleWindow, CloseHandle, GlobalMemoryStatusEx, GetTickCount64, lstrlenW, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, GetCurrentProcessId, GetLastError, GetStdHandle, CreateFileW, GetLogicalDrives, GetVolumeInformationW, DeviceIoControl, SleepConditionVariableSRW, TryAcquireSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockShared, GetFileInformationByHandleEx, SetUnhandledExceptionFilter, SetConsoleMode, GetConsoleMode, GetSystemInfo, GetDiskFreeSpaceExW, TlsSetValue, GetSystemTimeAsFileTime, TlsGetValue, WaitForSingleObject, CreateRemoteThread, GetProcAddress, SetConsoleTextAttribute, FillConsoleOutputCharacterA, FillConsoleOutputAttribute, GetExitCodeProcess, GetProcessIoCounters, GetSystemTimes, GetProcessTimes, WriteConsoleW, HeapAlloc, HeapFree, GetProcessHeap, GetConsoleScreenBufferInfo, TlsFree, InitOnceComplete, TlsAlloc, InitOnceBeginInitialize, GetDriveTypeW, GetModuleHandleA, WriteProcessMemory, VirtualAllocEx, CreateThread, GetCurrentProcess, DuplicateHandle, OpenProcess, GetFileAttributesW, CreateProcessW, GetWindowsDirectoryW, GetSystemDirectoryW, CreateNamedPipeW, GetFullPathNameW, SetHandleInformation, GetModuleFileNameW, FormatMessageW, GetModuleHandleW, GetFinalPathNameByHandleW, PostQueuedCompletionStatus, CreateIoCompletionPort, GetQueuedCompletionStatusEx, SetFileCompletionNotificationModes, Sleep, FindFirstFileW, GetFileInformationByHandle, FreeEnvironmentStringsW, ReleaseMutex, FindClose, CompareStringOrdinal, AddVectoredExceptionHandler, SetThreadStackGuarantee, SwitchToThread, GetCurrentThread, SetLastError, GetCurrentDirectoryW, GetEnvironmentStringsW, GetEnvironmentVariableW, CreateMutexA, SetFilePointerEx, CreateDirectoryW, WriteFileEx, SleepEx, ReadFileEx, TerminateProcess, WakeAllConditionVariable, WakeConditionVariable, QueryPerformanceCounter, QueryPerformanceFrequency, LoadLibraryA, HeapReAlloc, WaitForSingleObjectEx, IsProcessorFeaturePresent
user32: InsertMenuItemW, GetWindowThreadProcessId, PostQuitMessage, GetCursorPos, SetForegroundWindow, FindWindowA, LoadIconW, LoadCursorW, RegisterClassW, CreateWindowExW, CreatePopupMenu, SetMenuInfo, GetMessageW, TranslateMessage, DefWindowProcW, DispatchMessageW, PostMessageW, TrackPopupMenu, GetMenuItemID, ShowWindow
shell32: Shell_NotifyIconW, SHGetKnownFolderPath
ole32: CoInitializeSecurity, CoCreateInstance, CoSetProxyBlanket, CoInitializeEx, CoTaskMemFree, CoUninitialize
advapi32: SystemFunction036, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, LookupAccountSidW, GetTokenInformation, OpenProcessToken
pdh: PdhCloseQuery, PdhOpenQueryA, PdhGetFormattedCounterValue, PdhAddEnglishCounterW, PdhCollectQueryData, PdhRemoveCounter
powrprof: CallNtPowerInformation
oleaut32: SysAllocString, VariantClear, SysFreeString
netapi32: NetApiBufferFree, NetUserGetLocalGroups, NetUserEnum
secur32: QueryContextAttributesW, FreeCredentialsHandle, FreeContextBuffer, AcquireCredentialsHandleA, DecryptMessage, ApplyControlToken, DeleteSecurityContext, LsaEnumerateLogonSessions, LsaGetLogonSessionData, InitializeSecurityContextW, LsaFreeReturnBuffer, AcceptSecurityContext, EncryptMessage
iphlpapi: GetIfEntry2, FreeMibTable, GetIfTable2
ws2_32: getpeername, WSAGetLastError, socket, getsockname, WSASocketW, shutdown, getsockopt, ioctlsocket, recv, freeaddrinfo, WSACleanup, bind, connect, closesocket, WSAStartup, send, WSASend, setsockopt, WSAIoctl, getaddrinfo
crypt32: CertEnumCertificatesInStore, CertAddCertificateContextToStore, CertOpenStore, CertCloseStore, CertDuplicateStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertVerifyCertificateChainPolicy, CertGetCertificateChain, CertFreeCertificateChain, CertDuplicateCertificateChain
psapi: GetModuleFileNameExW, GetPerformanceInfo
vcruntime140: __CxxFrameHandler3, memcpy, memcmp, memmove, memset, _CxxThrowException, __current_exception, __current_exception_context, _except_handler4_common
api-ms-win-crt-math-l1-1-0: __setusermatherr, trunc, round, truncf
api-ms-win-crt-runtime-l1-1-0: _exit, exit, _controlfp_s, __p___argc, _initialize_onexit_table, __p___argv, _initterm, _cexit, _get_initial_narrow_environment, _initialize_narrow_environment, _configure_narrow_argv, _c_exit, _set_app_type, _register_onexit_function, terminate, _register_thread_local_exe_atexit_callback, _initterm_e, _seh_filter_exe, _crt_atexit
api-ms-win-crt-stdio-l1-1-0: __p__commode, _set_fmode
api-ms-win-crt-locale-l1-1-0: _configthreadlocale
api-ms-win-crt-heap-l1-1-0: _set_new_mode, free
Sections
.text  Size: 2.7MB - Virtual size: 2.7MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 875KB - Virtual size: 875KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 6KB - Virtual size: 7KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 169KB - Virtual size: 169KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 108KB - Virtual size: 108KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ