AndroidProcess[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AndroidProcess.exe
Size

249KB
MD5

6ec61986090260a3299a1970628b7398
SHA1

1ccf71df7fccaa23ae6c2e0b13006a481b277675
SHA256

c2e35bc339df2d7aad30898d5f104f173fea6f839b9e92f074179576029c12bf
SHA512

d5507087d778d7e0c0c759560c25eeb3b73621a7b928a556bbf1d99958f8606dc5fa3f1ed009124169e768f1f9e094524ee38d1ad915bd4b1edde1dfaec16d4f
SSDEEP

3072:5txL1zF+6XWqXTB+J7E9hhSWOC76nhuNYTvOIIoIIdJ:jxJF+6XWqXTcGhcBC76n6YTvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AndroidProcess.exe

Files

AndroidProcess.exe
.sys windows:5 windows x86 arch:x86

d2840c1a21d2197c63f8a1cceb6bc193

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Build\titan\Engine\Release\AndroidProcess.pdb

Imports

ntdll

NtResetEvent
RtlDeleteCriticalSection
NtDelayExecution
NtDeviceIoControlFile
RtlEnterCriticalSection
NtCreateEvent
RtlInitializeCriticalSection
RtlLeaveCriticalSection
NtCreateFile
NtWaitForSingleObject
_vsnprintf
ZwQuerySystemInformation
ZwGetContextThread
ZwReadVirtualMemory
ZwQueryInformationProcess
ZwQueryInformationThread
ZwWriteFile
RtlImageNtHeader
RtlGetVersion
ZwSetInformationFile
ZwSuspendThread
ZwResumeThread
ZwWaitForSingleObject
RtlAllocateHeap
ZwReadFile
ZwCreateFile
RtlInitUnicodeString
swprintf
RtlFreeHeap
NtQueryObject
RtlCreateUserThread
ZwCreateEvent
ZwSetEvent
ZwFsControlFile
ZwCancelIoFile
ZwCreateNamedPipeFile
ZwFlushBuffersFile
ZwWaitForMultipleObjects
_wcsicmp
_snprintf
strrchr
NtOpenThread
NtQueryVirtualMemory
RtlRandom
NtQuerySystemInformation
NtQueryInformationProcess
NtQueryPerformanceCounter
NtAllocateVirtualMemory
strncpy
NtClose
NtSetEvent
NtProtectVirtualMemory
RtlRaiseException
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strstr
RtlAddVectoredExceptionHandler
NtGetContextThread
LdrGetProcedureAddress
RtlEqualUnicodeString
RtlExitUserThread
LdrGetDllHandle
NtCreateThread
NtCreateProcess
NtTerminateProcess
sprintf
NtSetContextThread
RtlPcToFileHeader
LdrLoadDll
ZwRaiseException
ZwContinue
strchr
KiUserExceptionDispatcher
NtSuspendThread
NtResumeThread
RtlFreeUnicodeString
strncmp
RtlUnhandledExceptionFilter
_alldiv
_allmul
_chkstk
memcpy
memset

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2840c1a21d2197c63f8a1cceb6bc193

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 134KB - Virtual size: 133KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 134KB - Virtual size: 133KB