PDB path: C:\Users\Alex\Downloads\Alexsploit\target\release\deps\Alexsploit.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: Alexsploit.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: Alexsploit.exe
  Resource: win11-20240221-en
General
Target: Alexsploit.exe
Size: 5.4MB
MD5: 43be84a03a0f2c1f022a85c5b0711b0b
SHA1: 97d1b67fa6a57535cf1a25665b13863ec152d846
SHA256: 6dda1e76a82d8ed70e463638f9e84b80150668004ee341ed1286746b376c3f89
SHA512: 6a895015c5786d324fe23f53eb5be8d79094faab334509a8033c8c6d5fcdfe868832b9c9456588263ee3afb5d6178ae0ef0e519422dcb2b052ac0094aa454c61
SSDEEP: 49152:0eOzvk3QuO985AQXnk9m4lem/ujJaWHRQiWz9c8JarIZhuPgiNIJk1kFWmmtWsXV:pA+HdIZhuPgbJky4GdB/YXR8oh99BNT
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: Alexsploit.exe
Files
Alexsploit.exe.exe windows:6 windows x64 arch:x64
6fc8d481e1886d20bd293e8a76d2259b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
ReleaseSRWLockShared
FormatMessageW
WaitForSingleObject
CreateEventW
HeapAlloc
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
GetProcessHeap
GetCurrentThreadId
InitializeSListHead
SetConsoleTitleA
GetCurrentProcess
DuplicateHandle
GetSystemInfo
WriteConsoleW
SetConsoleTextAttribute
SetHandleInformation
GetConsoleScreenBufferInfo
CreateFileW
GetConsoleMode
SetConsoleMode
GetStdHandle
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForMultipleObjects
CreateIoCompletionPort
GetTimeZoneInformationForYear
GetQueuedCompletionStatusEx
AcquireSRWLockShared
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
AcquireSRWLockExclusive
SetFileCompletionNotificationModes
CreateMutexA
Sleep
GetModuleHandleA
WaitForSingleObjectEx
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
TryAcquireSRWLockExclusive
GetSystemTimeAsFileTime
SetFileInformationByHandle
SetFilePointerEx
GetCurrentThread
GetCurrentProcessId
WriteFileEx
SleepEx
GetExitCodeProcess
QueryPerformanceFrequency
CreateThread
HeapReAlloc
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
CancelIo
ReadConsoleW
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
ReleaseSRWLockExclusive
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CloseHandle
IsProcessorFeaturePresent
ole32
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
shell32
SHCreateItemFromParsingName
oleaut32
SysStringLen
SysFreeString
GetErrorInfo
shlwapi
AssocQueryStringW
secur32
QueryContextAttributesW
AcquireCredentialsHandleA
EncryptMessage
DeleteSecurityContext
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
ApplyControlToken
FreeCredentialsHandle
ws2_32
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
getpeername
send
closesocket
WSASend
setsockopt
WSAIoctl
getsockname
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
advapi32
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey
crypt32
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
ntdll
RtlNtStatusToDosError
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
NtWriteFile
NtReadFile
bcrypt
BCryptGenRandom
vcruntime140
memset
__current_exception_context
__current_exception
__C_specific_handler
__CxxFrameHandler3
memcmp
memcpy
memmove
_CxxThrowException
api-ms-win-crt-math-l1-1-0
__setusermatherr
pow
api-ms-win-crt-runtime-l1-1-0
_exit
_initialize_onexit_table
_register_onexit_function
__p___argc
__p___argv
exit
_set_app_type
_seh_filter_exe
_initterm_e
_cexit
_c_exit
_crt_atexit
_initterm
terminate
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1.9MB - Virtual size: 1.9MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.pdata Size: 168KB - Virtual size: 168KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 45KB - Virtual size: 44KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ