app[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

app.exe
Size

1.3MB
MD5

3ae1a72e71445d17826d1aaa54f50c44
SHA1

dca2bcebd30eb54fd237f76004de6abdd49b894f
SHA256

72410f4a5b5ddce0ae1ebbdd3342f754a208a98a76e91eb66161838806daea2f
SHA512

0c76a7a9e53476836145038a00454b090d44b2e212024b06d12cad8ec65ea5ddbafa64d815343d5b1050a4ead8da692ed3bc245c26a83124e972a89d3666e539
SSDEEP

24576:W9aOjYJYY/opKNe6TgQiFheBBQYHYvYuYYd2iGH3w0/VxUeenVGkF208:LOSopKNzQFheBL3wAUe8e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
app.exe

Files

app.exe
.exe windows:6 windows x64 arch:x64

Password: infected

2a9a8afe0c4589826f3e83ff7470eb91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
RaiseException
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
GetFileSize
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
GetCurrentThread
OpenThread
IsDebuggerPresent
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetVersion
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
VirtualAllocEx
VirtualProtectEx
CreateRemoteThread
PostQueuedCompletionStatus
SetErrorMode
WriteProcessMemory
GetThreadContext
SetThreadContext
FlushFileBuffers
DeviceIoControl
FindClose
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetLogicalDriveStringsW
GetModuleFileNameW
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
QueryDosDeviceW
SetFileAttributesW
FindFirstFileExW
FindNextFileW
IsBadReadPtr
IsBadWritePtr
GetVersionExA
CreateActCtxW
ActivateActCtx
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
CompareStringW
GetLocaleInfoW
GetDateFormatW
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
MessageBoxW
GetSystemMetrics
MessageBeep

advapi32

RegOpenKeyA

ole32

CoUninitialize
CoInitialize

ntdll

ZwProtectVirtualMemory
RtlFormatCurrentUserKeyPath
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlInitUnicodeString

shlwapi

PathMatchSpecW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

2a9a8afe0c4589826f3e83ff7470eb91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

user32

advapi32

ole32

ntdll

shlwapi

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 552KB - Virtual size: 552KB

.reloc Size: 2KB - Virtual size: 1KB

.enigma1 Size: 4KB - Virtual size: 4KB

.enigma2 Size: 692KB - Virtual size: 692KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 552KB - Virtual size: 552KB

.reloc
Size: 2KB - Virtual size: 1KB

.enigma1
Size: 4KB - Virtual size: 4KB

.enigma2
Size: 692KB - Virtual size: 692KB