Xagent64[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

Xagent64.bin
Size

276KB
MD5

cc9e6578a47182a941a478b276320e06
SHA1

0b3852ae641df8ada629e245747062f889b26659
SHA256

fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5
SHA512

6cc6bdd0edd4b14d7f87b6c8a91cb563b7a2b1e6e2d26357b77c50e1c22a451e64a3224e6c8307623e44b626ba47d0c179114bf1137a453ab2f8ae61425a1659
SSDEEP

3072:0TrTaRcOsbAZo/DWEx9SYCTfyTcCuUtBwXO1HYF9GQkgYKON4hz46Gyi:+rT4cL/l9lofyTmUtBwX64FgKdhxGy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Xagent64.bin

Files

Xagent64.bin
.dll windows:5 windows x64 arch:x64

e11ff4cef00d69de4a2397f269573ce4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
VirtualFree
VirtualAlloc
TerminateProcess
GetExitCodeProcess
ExitThread
PeekNamedPipe
CreateProcessW
DuplicateHandle
GetCurrentProcess
DisconnectNamedPipe
WaitForMultipleObjects
CreatePipe
GetSystemDirectoryW
GetFileSize
FindClose
FindNextFileW
DeleteFileW
SystemTimeToTzSpecificLocalTime
FindFirstFileW
CreateFileW
GetComputerNameW
GetVolumeInformationW
OpenMutexW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
MultiByteToWideChar
HeapReAlloc
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThreadId
WriteFile
OpenProcess
GetLastError
GetTickCount
GetMailslotInfo
CreateMailslotW
ReadFile
CreateMutexW
GetEnvironmentVariableW
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
GetExitCodeThread
CreateThread
TerminateThread
CloseHandle
SetFilePointer
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapSize
ExitProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsAlloc
SetLastError
FlsFree
FlsGetValue
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetModuleFileNameW
GetStdHandle
GetCommandLineA
FlsSetValue
LoadLibraryW
FreeLibrary
HeapAlloc
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
HeapFree
EncodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DecodePointer

user32

SendMessageTimeoutW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
wsprintfW
ReleaseDC
AttachThreadInput
GetKeyboardState
EnumDisplayMonitors
GetDC
GetWindowDC
GetWindowRect
GetForegroundWindow
WindowFromPoint
GetCursorPos
MapVirtualKeyExW

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject

advapi32

RegCreateKeyExW
RegEnumKeyExW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW

ole32

StringFromCLSID
CreateStreamOnHGlobal

ws2_32

WSAGetLastError
WSAStartup
WSACleanup

shlwapi

PathFindFileNameW
PathFileExistsW
SHDeleteKeyW

gdiplus

GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdiplusShutdown

psapi

GetProcessImageFileNameW

urlmon

ObtainUserAgentString

wininet

InternetConnectW
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetQueryDataAvailable
HttpAddRequestHeadersW
HttpSendRequestExW
InternetSetOptionW
InternetQueryOptionW
HttpOpenRequestA
HttpSendRequestW
HttpQueryInfoW

Exports

Exports

init

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e11ff4cef00d69de4a2397f269573ce4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

gdiplus

psapi

urlmon

wininet

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 182KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 25KB - Virtual size: 35KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 183KB - Virtual size: 182KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 25KB - Virtual size: 35KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 2KB - Virtual size: 2KB