wind64[.]exe | Triage

General

Target

wind64.exe
Size

86KB
MD5

70feddd51a00ab459a84054b09cdd7e7
SHA1

5e39eff6dcf49def80bb48b2b4eabb34cc96ef97
SHA256

8c367045ab2bb2919420a8fafe1b0350870ac73071fb0a9a55eb27e589048d71
SHA512

c03500b23d369ac7d72820305ad25e91dc3b0abdada8c31640b74fef9532cf834d60849631651eb60e54cadf72dea7d0c798ee37e1e58e0b24959b9fd657b77b
SSDEEP

1536:kziS5L/46WIJl0vSf49xnDoprFktlfQikHLO++EpC:kzB9WIJgVqrFaCx19pC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wind64.exe

Files

wind64.exe
.exe windows:4 windows x64 arch:x64

0ce095f09f4b05cb8c8be3accc6f0eba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CloseServiceHandle
CreateServiceW
DeleteService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

kernel32

CloseHandle
CreateFileW
CreateMutexW
CreateRemoteThread
DeleteFileA
DeleteFileW
ExitProcess
FindResourceW
FreeLibrary
GetCommandLineW
GetConsoleScreenBufferInfo
GetCurrentProcess
GetExitCodeProcess
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
LoadLibraryA
LoadLibraryExW
LoadResource
LockResource
MoveFileExW
OpenProcess
ReadFile
ReleaseMutex
SizeofResource
VirtualAllocEx
VirtualQuery
WaitForSingleObject
WriteFile
WriteProcessMemory

msvcrt

__iob_func
_stricmp
fclose
fflush
fopen
fprintf
free
getchar
malloc
printf
putchar
puts
realloc

ntdll

NtClose
NtDeviceIoControlFile
NtLoadDriver
NtOpenFile
NtQueryInformationProcess
NtQuerySystemInformation
NtUnloadDriver
RtlAdjustPrivilege
RtlCreateRegistryKey
RtlInitUnicodeString
RtlWriteRegistryValue
_vsnwprintf
_wtoi
memcmp
tolower
toupper
wcscat
wcscpy
wcslen

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ce095f09f4b05cb8c8be3accc6f0eba

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 71KB - Virtual size: 71KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 71KB - Virtual size: 71KB