openme[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

openme.exe
Size

372KB
MD5

e3b3e285390c0e2f7d04bd040bec790d
SHA1

dbee71535e9f1fb23b3f01e25989d22d51237e68
SHA256

21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6
SHA512

6156a6b0ff4f41c823cba68a4596676e357ceb5b8c0848c2828a72321dbc2a731d9ae8f1a417fe27aef7de0080001ad3f77b3809b64a93c610ae99f95b35f5be
SSDEEP

6144:C9dswuuW1sVyO6x5x6bQ5PJIgNdsalkFrgikCxEwdrDY2AotYSNlx4:CtuuiswO696bQXIqSa2FjJG0Y2AotYW4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

openme.exe

resource
openme.exe

Files

openme.exe
.exe windows:5 windows x86 arch:x86

09079191e32ab271df88d26a787c56c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
LoadLibraryW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
HeapSize
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
FreeEnvironmentStringsW
GetFileType
SetHandleCount
CreateFileW
ExitProcess
GetConsoleCP
WriteFile
MultiByteToWideChar
SetEnvironmentVariableA
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
GetLastError
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
HeapFree
InterlockedDecrement
RtlUnwind
RaiseException
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadProcessMemory
FindFirstFileA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FormatMessageA
LocalFree
Sleep
GetCurrentThreadId
GlobalAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsA
lstrcpyA
GlobalLock
lstrlenA
GlobalUnlock
HeapCreate
GetConsoleWindow
GetFileInformationByHandle
HeapAlloc
SearchPathA
GetProcAddress
OpenProcess
ReadFile
EnumDateFormatsA
FindNextFileA
FindClose
LocalAlloc
WideCharToMultiByte
GetModuleFileNameA
GetLogicalDrives
GetLogicalDriveStringsA
GetPrivateProfileIntA
GetLocalTime
GetUserDefaultLangID
GetLocaleInfoW
GetDriveTypeA
GetSystemTimeAsFileTime
CreateFileA
GetFileSize
CloseHandle
GetModuleFileNameW
lstrcpyW
lstrcmpiA
DeleteCriticalSection

user32

GetMenu
OpenClipboard
GetForegroundWindow
PostQuitMessage
LoadIconA
GetSysColorBrush
BeginPaint
GetClientRect
GetWindowRect
DefWindowProcA
GetSystemMetrics
RegisterClassA
GetMenuItemCount
EnumClipboardFormats
GetClipboardFormatNameA
GetClipboardData
SetWindowLongA
GetParent
CloseClipboard
MoveWindow
GetClipCursor
ClipCursor
MessageBoxA
GetWindowLongA
CreateWindowExA
SetScrollPos
SetTimer
EndDialog
KillTimer
UpdateWindow
SetKeyboardState
ActivateKeyboardLayout
LoadKeyboardLayoutA
GetKeyboardLayoutList
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetClassNameA
SetWindowTextA
InsertMenuItemA
wsprintfA
GetDC
FindWindowA
ChildWindowFromPoint
SetCursorPos
GetDesktopWindow
GetWindow
GetWindowTextA
EnableWindow
CheckDlgButton
OffsetRect
GetIconInfo
SetRect
IsClipboardFormatAvailable
InvalidateRect
MapWindowPoints
SetWindowPos
EndPaint
GetCursorPos
CreatePopupMenu
ReleaseDC
IsWindow
AdjustWindowRectEx
IsWindowVisible
RegisterClassExA
GetSystemMenu
EnumWindows
GetWindowPlacement
SetWindowPlacement
GetScrollInfo
LoadAcceleratorsA
LoadCursorA
CreateWindowExW
SendMessageW
SetDlgItemTextA
RegisterHotKey
GetDlgItem
SendMessageA
ShowWindow

gdi32

SelectObject
CreateSolidBrush
CreateEllipticRgn
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
DeleteObject
DeleteDC
SetBrushOrgEx
ExcludeClipRect
Rectangle
FillRgn
GetDeviceCaps
CreateRectRgnIndirect
CombineRgn
CreatePen

winspool.drv

ord201

comdlg32

CommDlgExtendedError
GetOpenFileNameA
ChooseColorA

advapi32

RegCreateKeyA
RegCloseKey
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
GetTokenInformation
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
IsValidSecurityDescriptor
AllocateAndInitializeSid
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
RegQueryValueExA

shell32

SHEmptyRecycleBinA
SHQueryRecycleBinA

ole32

CoCreateInstance
StgCreateDocfile
CreateStreamOnHGlobal
CoInitializeEx
RegisterDragDrop
CoInitialize

oleaut32

SysAllocStringLen

odbc32

ord61
ord62

netapi32

NetShareGetInfo

psapi

GetModuleInformation
GetProcessMemoryInfo

avicap32

capGetDriverDescriptionA

winmm

midiInGetID
midiInMessage

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathFindExtensionW
PathFindFileNameA
PathFindFileNameW

comctl32

InitCommonControlsEx
ord412

gdiplus

GdiplusStartup

imm32

ImmReleaseContext
ImmGetContext
ImmIsIME
ImmSetCompositionWindow

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

wtsapi32

WTSEnumerateProcessesA

snmpapi

SnmpUtilAsnAnyCpy

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09079191e32ab271df88d26a787c56c2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

netapi32

psapi

avicap32

winmm

version

shlwapi

comctl32

gdiplus

imm32

setupapi

wtsapi32

snmpapi

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 216KB - Virtual size: 215KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 216KB - Virtual size: 215KB