pixi-x86_64-pc-windows-msvc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pixi-x86_64-pc-windows-msvc.exe
Size

19.7MB
MD5

145589d1a75c8e6885222abdcfcd1fbf
SHA1

636aebefc7b0ea1d45cdb7cc8f7230b95fef98f6
SHA256

4e21a0a057b740c833623ed084c4de15ab9ac22eac3aa10ce24f450f5119773a
SHA512

64e6eb73ba466404b89924643f35e53728d0461707b7533691200aea31c79bca96bee15224bd3e73b30b8204d3c8474a6d8c986844607e518a0e7b850eeb5a6c
SSDEEP

98304:qFfOZfCSUTuQQvu95UDhfTLAk3l3jHPEVqaKLR6XWrzgKjkN9NMyNmM7C9T8dcBB:euQubEVDozgKjknDW9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pixi-x86_64-pc-windows-msvc.exe

Files

pixi-x86_64-pc-windows-msvc.exe
.exe windows:6 windows x64 arch:x64

faf9de5314b854b01e17db76049737b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleCursorPosition
MoveFileExW
CompareStringOrdinal
WaitForSingleObject
RegisterWaitForSingleObject
GetExitCodeProcess
CreatePipe
lstrlenW
SetFileTime
WriteFile
FlushFileBuffers
CreateEventW
UnlockFileEx
SetFilePointer
SetEndOfFile
GetConsoleOutputCP
HeapSize
GetStringTypeW
WakeConditionVariable
SleepConditionVariableSRW
GetFileType
GetSystemInfo
TryAcquireSRWLockExclusive
FindClose
SwitchToThread
CreateFileMappingW
MapViewOfFile
VirtualProtect
GetQueuedCompletionStatusEx
SetStdHandle
SetEnvironmentVariableW
WideCharToMultiByte
PostQueuedCompletionStatus
GetCPInfo
CreateIoCompletionPort
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetBinaryTypeW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
HeapReAlloc
GetFileInformationByHandle
DeviceIoControl
SetFileInformationByHandle
DeleteFileW
SetFileAttributesW
LocalAlloc
CreateFileW
LocalFree
GetCurrentProcessId
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetThreadErrorMode
LoadLibraryExW
FreeLibrary
WakeAllConditionVariable
GetConsoleMode
SetThreadStackGuarantee
AddVectoredExceptionHandler
ReleaseSRWLockShared
AcquireSRWLockShared
GetLastError
GetCommandLineW
QueryPerformanceFrequency
QueryPerformanceCounter
LockFileEx
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FindNextFileW
GetStdHandle
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FlsGetValue
FlsAlloc
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FreeEnvironmentStringsW
TlsFree
GetCurrentThread
MultiByteToWideChar
WriteConsoleW
SetLastError
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlCaptureContext
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetEnvironmentStringsW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
TlsSetValue
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
FindFirstFileW
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CancelIo
ReadFile
ExitProcess
TerminateProcess
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateSymbolicLinkW
CreateHardLinkW
CopyFileExW
SetHandleInformation
RaiseException
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapFree
GetTickCount64
GlobalMemoryStatusEx
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetFilePointerEx
SetUnhandledExceptionFilter
DuplicateHandle
GetLogicalDrives
UnhandledExceptionFilter
RtlVirtualUnwind
GetFileInformationByHandleEx
GetCurrentProcess
UnlockFile
CloseHandle
SleepConditionVariableCS
UnmapViewOfFile
GetDiskFreeSpaceExW
HeapAlloc
GetDriveTypeW
GetVolumeInformationW
GetProcessTimes
OpenProcess
InitializeConditionVariable
DeleteCriticalSection
ReadProcessMemory
VirtualQueryEx
GetProcessHeap
GetSystemTimes
GetProcessIoCounters
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetConsoleCtrlHandler
UnregisterWaitEx

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx

ws2_32

setsockopt
WSAIoctl
bind
shutdown
connect
getsockopt
ioctlsocket
WSASocketW
getaddrinfo
freeaddrinfo
closesocket
WSAStartup
WSASend
send
getsockname
WSAGetLastError
getpeername
recv
WSACleanup

advapi32

GetTokenInformation
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SystemFunction036
CredDeleteW
CredFree
CredReadW
CredWriteW

ntdll

RtlNtStatusToDosError
NtQueryInformationProcess
NtReadFile
RtlGetVersion
NtWriteFile
NtCreateFile
NtCancelIoFileEx
NtQuerySystemInformation
NtDeviceIoControlFile

crypt32

CertCloseStore
CertGetCertificateChain
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateStore
CertAddCertificateContextToStore

bcrypt

BCryptGenRandom

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddEnglishCounterW
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter

secur32

EncryptMessage
LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
DecryptMessage
QueryContextAttributesW
ApplyControlToken
AcceptSecurityContext
InitializeSecurityContextW

oleaut32

SysAllocString
SysFreeString
VariantClear

psapi

GetPerformanceInfo
GetProcessMemoryInfo
GetModuleFileNameExW

iphlpapi

GetIfEntry2
GetIfTable2
GetAdaptersAddresses
FreeMibTable

netapi32

NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree

powrprof

CallNtPowerInformation

Sections

.text
Size: 14.4MB - Virtual size: 14.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faf9de5314b854b01e17db76049737b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

ws2_32

advapi32

ntdll

crypt32

bcrypt

pdh

secur32

oleaut32

psapi

iphlpapi

netapi32

powrprof

Sections

.text Size: 14.4MB - Virtual size: 14.4MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 22KB - Virtual size: 27KB

.pdata Size: 532KB - Virtual size: 531KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 80KB - Virtual size: 80KB

.text
Size: 14.4MB - Virtual size: 14.4MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 22KB - Virtual size: 27KB

.pdata
Size: 532KB - Virtual size: 531KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 80KB - Virtual size: 80KB