executable[.]exe

Target

executable.exe
Size

1.4MB
MD5

e1237db94228dd27add66ec00af749df
SHA1

d851674a33a0783f56073a55f26360f738793583
SHA256

89b4d1008297a803f8a78cc3064ba3a1b2a46c0264b706ac31e88200914f3841
SHA512

0df0fde781d8297a0125f42a7e6e5ccaa35607d9f6b6e436d010381d3b4edb49069c36434daa9c0c8ab5c309101621db9400cc890f88f58099ecd53762b15935
SSDEEP

24576:vBqns6Q5Lbaqg+t6NGHEOiPSHt39OTvAnxR8urDS1I8av+Ibjy:vBgPsP9PN39OTYxuUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
executable.exe

Files

executable.exe
.exe windows:6 windows x86 arch:x86

c384bd7fc9f391169d775ffdd8034b30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glViewport
glTexImage2D
glClearColor
glTexParameteri
glGenTextures
glBindTexture
glClear
glPixelStorei

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemInfo
Module32FirstW
VirtualAllocEx
Module32NextW
VirtualFreeEx
IsDebuggerPresent
GetModuleHandleW
SetThreadExecutionState
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerSetConditionMask
GetLastError
FormatMessageW
CreateRemoteThread
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLocaleInfoEx
FormatMessageA
LocalFree
GetFileInformationByHandleEx
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
VirtualQuery
InitializeSListHead

user32

ToUnicode
UnregisterDeviceNotification
RegisterDeviceNotificationW
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
SetRect
ClipCursor
WindowFromPoint
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
IsIconic
RemovePropW
GetPropW
SetPropW
ReleaseDC
GetDC
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
ShowWindow
IsZoomed
DestroyWindow
CreateWindowExW
RegisterClassExW
SetFocus
GetActiveWindow
UnregisterClassW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
BringWindowToTop
GetMessageTime
GetKeyState
SetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
PeekMessageW
DispatchMessageW
SetWindowTextW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
TranslateMessage
OpenClipboard
TrackMouseEvent
MapVirtualKeyW
ScreenToClient
GetAsyncKeyState
GetClientRect
GetForegroundWindow
FindWindowW
ClientToScreen
GetCursorPos

gdi32

CreateBitmap
SwapBuffers
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SetDeviceGammaRamp
GetDeviceGammaRamp
GetDeviceCaps
CreateRectRgn
DeleteObject
CreateDIBSection
CreateDCW
DeleteDC

shell32

DragFinish
DragQueryPoint
DragQueryFileW
DragAcceptFiles

msvcp140

_Mtx_destroy_in_situ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Xtime_get_ticks
?_Syserror_map@std@@YAPBDH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
_Mtx_init_in_situ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Throw_Cpp_error@std@@YAXH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
_Thrd_detach
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
_Mtx_lock
_Mtx_unlock
?uncaught_exceptions@std@@YAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?good@ios_base@std@@QBE_NXZ

msvcp140_atomic_wait

__std_parallel_algorithms_hw_threads
__std_close_threadpool_work
__std_create_threadpool_work
__std_wait_for_threadpool_work_callbacks
__std_bulk_submit_threadpool_work

imm32

ImmAssociateContextEx
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

vcruntime140

_CxxThrowException
memset
__CxxFrameHandler3
__std_terminate
memchr
__std_exception_destroy
__std_exception_copy
memmove
strstr
strchr
memcpy
__vcrt_LoadLibraryExW
__vcrt_GetModuleFileNameW
memcmp
_except_handler4_common
__current_exception_context
__current_exception

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
realloc
free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_controlfp_s
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_register_onexit_function
_wassert
_c_exit
__p___argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fclose
__p__commode
__stdio_common_vfprintf
ftell
fseek
fflush
fwrite
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
_set_fmode
setvbuf
fgetpos
fgetc
fputc

api-ms-win-crt-string-l1-1-0

strcmp
strcspn
strlen
strspn
strcpy_s
strncpy
strcpy
wcscmp
strncmp
strcat_s
wcscpy

api-ms-win-crt-utility-l1-1-0

abs
qsort

api-ms-win-crt-convert-l1-1-0

strtol
atof
strtoul

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-math-l1-1-0

ceil
ldexp
_CIfmod
__setusermatherr
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_fdclass
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_CIatan2

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 844KB - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c384bd7fc9f391169d775ffdd8034b30

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

shell32

msvcp140

msvcp140_atomic_wait

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 546KB - Virtual size: 546KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 844KB - Virtual size: 853KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 546KB - Virtual size: 546KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 844KB - Virtual size: 853KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB