dagxet[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dagxet.exe
Size

1.5MB
MD5

9074e67086b67b9beb71ad29a75e6d05
SHA1

862fbffa7718d9c9e512137fbf073328dc7dd302
SHA256

847461ad5bf7be59f427c0c533a983497cbc7afe3db41fe16cbff1455cd9420c
SHA512

e2f9379d774d1181b8b8f988af1a516aa3a9358a2bce6346c8f7b283e1c240f6704cc9120d9764b17b1d234e4d09d3f292f7faaa76b2391aeeb3304e2c53a38e
SSDEEP

24576:Hd7nzmttsViga+RTwweyaiDFKNqFVBlnaULpytLjri7ioGB8fXeZay8Ert:NnataTreypFKsnzaOpytPri7TLuZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dagxet.exe

Files

dagxet.exe
.exe windows:6 windows x64 arch:x64

b9a0a5e613e4c3881ac90a61f65cb07d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlAddFunctionTable
Module32First
CreateFileW
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
CreateFileA
LoadLibraryA
Process32Next
CloseHandle
CreateThread
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
WideCharToMultiByte
CreateRemoteThread
CreateProcessA
VirtualFreeEx
lstrcmpiW
GetExitCodeProcess
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
Module32Next
IsValidCodePage
HeapReAlloc
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapAlloc
GetFileType
GetFileSizeEx
WriteFile
GetStdHandle
GetModuleFileNameW
ReadFile
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RaiseException
DeviceIoControl
GetCurrentProcess
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
WriteProcessMemory
GetACP
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
LocalFree
FormatMessageA
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
RtlUnwind
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

UpdateWindow
RegisterClassExA
FindWindowA
GetDesktopWindow
PostQuitMessage
UnregisterClassA
PeekMessageA
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
GetCapture
SetWindowLongA
ClientToScreen
IsChild
GetMonitorInfoA
GetForegroundWindow
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DispatchMessageA
GetWindowRect
DestroyWindow
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage

gdi32

GetDeviceCaps

d3d9

Direct3DCreate9

d3dx9_43

D3DXVec3Project

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

advapi32

OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Sections

.text
Size: - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0
Size: - Virtual size: 999KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9a0a5e613e4c3881ac90a61f65cb07d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

d3d9

d3dx9_43

imm32

advapi32

Sections

.text Size: - Virtual size: 630KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: - Virtual size: 203KB

.pdata Size: - Virtual size: 26KB

_RDATA Size: - Virtual size: 244B

0 Size: - Virtual size: 999KB

1 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 630KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: - Virtual size: 203KB

.pdata
Size: - Virtual size: 26KB

_RDATA
Size: - Virtual size: 244B

0
Size: - Virtual size: 999KB

1
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B