MentorKG[.]exe

Resubmissions

18/01/2024, 16:44

240118-t9avmsdfal 7

Sharing

Copy URL Twitter E-mail

General

Target

MentorKG.exe
Size

1.4MB
MD5

e2a76706c544dad18a860143c62af988
SHA1

3b62d2199e9588023893e8517310cca1c2445888
SHA256

aa16050a8e345e975a8bec51525e768f019ea0ef60326812b39daecf0c46a8f0
SHA512

415900ec4ccbc96cc0535c85bc2d330a55b30a47b8b94902c8080a236923a9e42de79990a96491f28d4bf259a020bb37a4ec27a306018fd893ae971f53a5de8c
SSDEEP

24576:2FQxNMm4NNP1R/c494JbGPNOEM2eqnSFYNt/s+m9doq7mjCVUAiNUBO+E5fWB/s7:2PRR/cxgXM2bSFYNt/Bm9bmjCVUA1O+E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MentorKG.exe

Files

MentorKG.exe
.exe windows:5 windows x86 arch:x86

cf5fc56eb7de9b85675a71d8926bc6f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
Sleep
CloseHandle
WaitForSingleObject
FreeLibrary
ResetEvent
CreateEventA
SetEvent
GetProcAddress
LoadLibraryA
GetTickCount
GetVolumeInformationA
GetDriveTypeA
GetCurrentProcess
VirtualAlloc
VirtualFree
GetWindowsDirectoryA
SetErrorMode
SetHandleInformation
GetModuleHandleA
ReleaseMutex
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetEnvironmentVariableW
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateFileA
ReadFile
WriteFile
DeviceIoControl
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
GetSystemTime
GetProcessTimes
GetCurrentProcessId
SystemTimeToFileTime
GetLocalTime
GetFileSize
GetVersionExA
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
CompareStringW
WriteConsoleW
HeapSize
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FindFirstFileExW
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeW
GetExitCodeProcess
CreatePipe
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
GetStartupInfoW
GetModuleFileNameA
CreateProcessA
GetLastError
FormatMessageA
lstrlenA
LocalAlloc
LocalSize
LocalFree
ExitProcess
GetEnvironmentVariableA
CopyFileA
GetFileTime
DeleteFileA
SearchPathA
SetConsoleCtrlHandler
SetLastError
SetFileTime
SetHandleCount
GetFullPathNameW
GetModuleFileNameW
GetStdHandle
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
FatalAppExitA
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
LCMapStringW
GetCurrentThread
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
SetCurrentDirectoryW
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
GetModuleHandleW
DecodePointer
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
DeleteCriticalSection
GetCommandLineA
HeapSetInformation
RtlUnwind
HeapReAlloc
DuplicateHandle
ExitThread
ResumeThread
CreateThread
GetFileType
CreateFileW
MoveFileA
MoveFileW
GetFileAttributesW
DeleteFileW
GetDriveTypeW
GetFullPathNameA
GetFileAttributesA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetTimeZoneInformation
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW

user32

EnableWindow
GetWindowRect
GetDlgItem
SendMessageA
GetWindowLongA
MessageBeep
SetDlgItemTextA
GetDlgItemTextW
GetDlgItemTextA
EndDialog
GetActiveWindow
GetFocus
SetFocus
SetWindowTextA
ShowWindow
MoveWindow
ScreenToClient
GetClientRect
GetSystemMetrics
wsprintfA
CreateDialogIndirectParamA
GetParent
MessageBoxA
DialogBoxIndirectParamA

netapi32

Netbios

advapi32

RegEnumValueA
RegEnumKeyExA
GetUserNameW
GetUserNameA
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

comdlg32

GetOpenFileNameA

comctl32

ord17

wsock32

closesocket
htonl
gethostname
gethostbyname
gethostbyaddr
inet_addr
ioctlsocket
WSACleanup
WSAGetLastError
WSAStartup
getsockopt
__WSAFDIsSet
select
connect
socket
htons
getprotobyname
recv
send
inet_ntoa
setsockopt
ntohs
ntohl

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

cf5fc56eb7de9b85675a71d8926bc6f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

netapi32

advapi32

comdlg32

comctl32

wsock32

Sections

.text Size: 660KB - Virtual size: 659KB

.textidx Size: 528KB - Virtual size: 528KB

CONST Size: 512B - Virtual size: 80B

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 98KB - Virtual size: 413KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 660KB - Virtual size: 659KB

.textidx
Size: 528KB - Virtual size: 528KB

CONST
Size: 512B - Virtual size: 80B

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 98KB - Virtual size: 413KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 48KB - Virtual size: 47KB