Windbg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Windbg.exe
Size

490KB
MD5

80f51ad8bf253f7be262521565553741
SHA1

88caa9617e9e4f53ba3d9df3c6dc5137dac7fa85
SHA256

beee06d5cb872854c385f94c2d8308bea96c388f1b3fe0a5eef7717eefa1b703
SHA512

0e1d5c809abb594c7d4254fe017ba3c021a52502b216c1657e1b0a8b91aed76b758625d57925722336e123380d9afddf98808a03c1e636816e9e8302f14b98ab
SSDEEP

12288:IqL6YzkJRW+265P1F8yDSHXWWJrcu0RRi:/kiw9VmHXfcuii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windbg.exe

Files

Windbg.exe
.exe windows:7 windows x86 arch:x86

238f86017c099a2eb56950ea096b3440

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

windbg.pdb

Imports

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA

kernel32

GlobalAlloc
GlobalSize
WaitForSingleObject
LoadLibraryW
GetProcAddress
GetModuleHandleW
SetEnvironmentVariableW
GetModuleFileNameW
GetPriorityClass
GetFileAttributesW
GlobalFree
GlobalUnlock
GetCurrentDirectoryW
OutputDebugStringW
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
GetFileTime
CompareFileTime
ExitProcess
GetCommandLineW
CreateThread
GetCurrentProcessId
Sleep
GetCurrentProcess
SetPriorityClass
LeaveCriticalSection
InterlockedIncrement
ExpandEnvironmentStringsW
EnterCriticalSection
GetVersionExW
DeleteFileW
GlobalLock
ExpandEnvironmentStringsA
GetCurrentThreadId
WriteFile
Beep
CreateFileW
GetFileSize
ReadFile
MultiByteToWideChar
CloseHandle
InterlockedExchange
GetLastError
WideCharToMultiByte
DebugBreak
InterlockedDecrement
InterlockedCompareExchange
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
FreeLibrary
LoadLibraryA
SetLastError
FormatMessageW
CreateEventA
SetEvent
SetErrorMode
SetFilePointer
CreateProcessW

gdi32

CreateSolidBrush
GetStockObject
TextOutW
MoveToEx
LineTo
Polyline
GetTextExtentPointW
CreateFontIndirectW
DeleteObject
GetTextMetricsW
GetTextExtentPoint32W
PatBlt
SetTextColor
SetBkColor
PtVisible
SelectObject
CreatePen

user32

DrawIconEx
FillRect
SetRect
GetSysColorBrush
GetWindowDC
GetDCEx
IsWindowVisible
DefWindowProcW
RedrawWindow
GetActiveWindow
IsZoomed
SetCursor
PtInRect
IsChild
EndDeferWindowPos
BeginDeferWindowPos
SystemParametersInfoW
LoadIconW
RegisterClassExW
LoadCursorW
LoadStringW
SetParent
OpenIcon
MapWindowPoints
IsWindowEnabled
ChildWindowFromPointEx
EndPaint
BeginPaint
WindowFromPoint
DispatchMessageW
TranslateMessage
GetMessageW
GetCapture
GetDlgItemTextW
SetDlgItemTextW
SendDlgItemMessageW
GetParent
IsClipboardFormatAvailable
DeleteMenu
GetMenuItemCount
GetMenuItemInfoW
GetDlgItem
EndDialog
GetDlgItemInt
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
SetDlgItemInt
GetMenuState
PostQuitMessage
AdjustWindowRect
GetMenu
DrawTextW
GetSysColor
CallNextHookEx
UpdateWindow
MessageBoxW
DialogBoxParamW
TranslateAcceleratorW
IsDialogMessageW
PeekMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
DestroyMenu
CreatePopupMenu
GetScrollInfo
SetWindowsHookExW
GetSubMenu
LoadAcceleratorsW
RegisterWindowMessageW
RegisterClipboardFormatW
WaitMessage
CopyRect
GetTitleBarInfo
GetWindowThreadProcessId
ShowWindow
BringWindowToTop
SetActiveWindow
SetWindowLongW
ModifyMenuW
TrackPopupMenu
GetDesktopWindow
GetDC
ReleaseDC
RemoveMenu
DrawMenuBar
GetCursorPos
ScreenToClient
SetWindowPos
DeferWindowPos
ClientToScreen
OffsetRect
SetWindowPlacement
GetWindowPlacement
GetWindowRect
MessageBeep
CreateMenu
InsertMenuItemW
MoveWindow
IsIconic
GetKeyState
GetSystemMetrics
ReleaseCapture
SetCapture
SetMenuItemInfoW
GetWindowLongW
DestroyWindow
SetTimer
EnableWindow
InvalidateRect
KillTimer
PostMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetFocus
GetClientRect
EnableMenuItem
CreateWindowExW
CheckMenuItem
GetFocus
SendMessageW
GetForegroundWindow

msvcrt

_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_XcptFilter
_exit
_cexit
__wgetmainargs
??3@YAXPAX@Z
_vsnprintf
_vsnwprintf
__CxxFrameHandler
getenv
_wtoi64
exit
realloc
iswalnum
iswalpha
_wctime
wcstoul
iswdigit
_wgetenv
_wtoi
_itow
towlower
iswprint
wcsstr
towupper
wcsrchr
??2@YAPAXI@Z
_purecall
_wcsdup
wcstok
_wcsicmp
_wcsnicmp
swscanf
iswspace
_wfopen
fprintf
fclose
calloc
memset
memmove
memcpy
malloc
wcsncmp
wcschr
free

dbgeng

DebugConnectWide
DebugCreate

dbghelp

SymMatchFileNameW
SymSetParentWindow

ole32

CoTaskMemFree
CoInitializeEx

shell32

DragAcceptFiles

comctl32

InitCommonControlsEx
CreateToolbarEx
CreateStatusWindowW
PropertySheetW

mpr

WNetDisconnectDialog

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

238f86017c099a2eb56950ea096b3440

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

dbgeng

dbghelp

ole32

shell32

comctl32

mpr

Sections

.text Size: 381KB - Virtual size: 381KB

.data Size: 11KB - Virtual size: 86KB

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 381KB - Virtual size: 381KB

.data
Size: 11KB - Virtual size: 86KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 25KB - Virtual size: 25KB