mxredirect[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mxredirect.exe
Size

692KB
MD5

4cceb8905113d439744ee148e34e7821
SHA1

abc1abd7964b6bf6f6dc0e5c44e5f5391d8b268a
SHA256

fc3a66fb8d3683496a9c864c5903dccefba5d88feee9568cefdf9f6e4f3c1891
SHA512

b6ef84b9012dc26002c1bf10211e3d56b5e8120c2d331dd11ccaf7d60f4f86ad70837ed5113e8c263f30749793273b0761e5cc2661430bfb430c363b1d044ba9
SSDEEP

12288:yJ5H3oKQzOS4GQsDxJ8m1/RWoYhzqMQMQ6j2iT3DWLOMJgaOV4qGFmrh9/FtQOoJ:yJd3GSW+GqGFmrh9NtXip/

Score

1^/10

Malware Config

Signatures

Files

mxredirect.exe
.exe windows:6 windows x64 arch:x64

0924ab51c0d581266074c64f0c04e321

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/06/2021, 00:00

Not After

13/08/2024, 23:59

Subject

CN=Maxon Computer GmbH,OU=SOFTWARE DEVELOPMENT,O=Maxon Computer GmbH,L=Friedrichsdorf,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:e1:11:bd:3b:8d:28:de:e3:89:25:da:2d:16:4b:29:fe:20:aa:ed:d4:8d:04:66:cc:a4:48:e9:1c:1a:4f:98
Signer

Actual PE Digest

95:e1:11:bd:3b:8d:28:de:e3:89:25:da:2d:16:4b:29:fe:20:aa:ed:d4:8d:04:66:cc:a4:48:e9:1c:1a:4f:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\rg\ws\axonApp_Win_release_mxa_2024.0.0\mxhub\outputs\Release\mxredirect.pdb

Imports

wsock32

sendto
socket
gethostbyaddr
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
htons
ioctlsocket
closesocket

kernel32

GetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
FindClose
FindFirstFileA
FindNextFileA
lstrcpyA
lstrcatA
lstrlenA
CreateEventW
OutputDebugStringA
SetLastError
DeleteCriticalSection
CloseHandle
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
SetEvent
EnterCriticalSection
CreateThread
InitializeCriticalSectionAndSpinCount
WriteConsoleW
HeapSize
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
RaiseException
InitializeCriticalSectionEx
DecodePointer
CreateFileW
GetFileAttributesW
DeviceIoControl
GetDriveTypeW
GetCurrentProcess
OpenProcess
K32EnumProcesses
K32EnumProcessModules
K32GetModuleFileNameExA
GetModuleFileNameW
GetModuleHandleW
FileTimeToSystemTime
FormatMessageA
EncodePointer
LCMapStringEx
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetProcAddress
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlUnwind
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindNextFileW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
GetModuleHandleA
MoveFileExW
AreFileApisANSI
FreeLibrary
LCMapStringW
GetUserDefaultLCID
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
GetTimeZoneInformation
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
GetConsoleMode
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
ReadFile
GetFileSizeEx
ReadConsoleW
SetStdHandle
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

advapi32

GetTokenInformation
RegSetKeyValueA
RegGetValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenProcessToken

shell32

SHGetFolderPathW

Sections

.text
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0924ab51c0d581266074c64f0c04e321

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1cCertificate

Extended Key Usages

Key Usages

95:e1:11:bd:3b:8d:28:de:e3:89:25:da:2d:16:4b:29:fe:20:aa:ed:d4:8d:04:66:cc:a4:48:e9:1c:1a:4f:98Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

kernel32

advapi32

shell32

Sections

.text Size: 506KB - Virtual size: 505KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 13KB - Virtual size: 21KB

.pdata Size: 21KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

95:e1:11:bd:3b:8d:28:de:e3:89:25:da:2d:16:4b:29:fe:20:aa:ed:d4:8d:04:66:cc:a4:48:e9:1c:1a:4f:98
Signer

.text
Size: 506KB - Virtual size: 505KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 13KB - Virtual size: 21KB

.pdata
Size: 21KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB