hehexdword[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

hehexdword.exe
Size

358KB
MD5

e5796aa0d2266c82034edcf509ce587a
SHA1

7226f8b01b35f0511adc51fc265fdfa838661523
SHA256

91e09feaca3342681b4b2f1b816d3b88521c9b2a5c7532815e50e275d278676a
SHA512

0945410358e93dc8c63d79365942bd2aaedbd7ccc7a40777bcf904b8fef57029ee9bc969bab79dfd786f7fa4fd3612c0ea2853156df461c38b35b9138780c6a3
SSDEEP

6144:qY5UTKpH2aGbJwTQ97QJWJs2WQ2h3BsWzh4I6uqcB+4ENOVHR:1p8EWKQ2h3BsWzR6u/+xOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hehexdword.exe

Files

hehexdword.exe
.exe windows:6 windows x64 arch:x64

d00c0cfe3e9ee33f65ae3072bc32f185

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Git\readmeme\x64\Release\readmeme.pdb

Imports

ntdll

RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwind

user32

TranslateMessage
GetMessageW
CallNextHookEx
GetAsyncKeyState
SendInput
VkKeyScanW
GetSystemMetrics
MapVirtualKeyW
GetCursorPos
SystemParametersInfoW
SetWindowsHookExW
DispatchMessageW
UnhookWindowsHookEx

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
CreateProcessW
GetCurrentProcess
GetStartupInfoW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentProcessId
ExitProcess
CreateThread
ExitThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

GetCPInfo
IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
LCMapStringEx
IsValidCodePage
EnumSystemLocalesW
GetOEMCP
GetACP

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
WaitForSingleObject

api-ms-win-core-file-l1-1-0

FlushFileBuffers
GetFileType
SetFilePointerEx
WriteFile
CreateFileW
GetFileAttributesExW
ReadFile
FindNextFileW
FindFirstFileExW
GetFileSizeEx
FindClose

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-shcore-scaling-l1-1-0

GetScaleFactorForDevice

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetCommandLineA
SetStdHandle
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapSize

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsFree
FlsSetValue

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d00c0cfe3e9ee33f65ae3072bc32f185

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

user32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-shcore-scaling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-fibers-l1-1-0

Sections

.text Size: 259KB - Virtual size: 258KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 10KB - Virtual size: 8.2MB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 656B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 259KB - Virtual size: 258KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 10KB - Virtual size: 8.2MB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 656B

.reloc
Size: 2KB - Virtual size: 2KB