wind64[.]exe | Triage

General

Target

wind64.exe
Size

90KB
MD5

ac90b9863137fc23fb3ffe162d3663bb
SHA1

6eabadf1db38a3bee0b34cdf7f3291481f8da3e2
SHA256

262323145e3503b40b8b742ff39849be305850b16e5fd5a96e36645430ab4c3e
SHA512

4d01151e0ebf163d95f61976f6972382c51af1ccfddd08d3b7904f4a49004a4b321a246bb144d1a509439bf0ab91837903af8bda4324918afd2ea43767fb1fd9
SSDEEP

1536:qRSJY0fBIJl0vSf49xnDoprFktlfQikHLO++Epq:qRgBIJgVqrFaCx19pq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wind64.exe

Files

wind64.exe
.exe windows:4 windows x64 arch:x64

28914d53bcfab5f16746200ca6a381fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CloseServiceHandle
CreateServiceW
DeleteService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

kernel32

CloseHandle
CreateFileW
CreateMutexW
CreateRemoteThread
DeleteFileA
DeleteFileW
ExitProcess
FindResourceW
FreeLibrary
GetCommandLineW
GetConsoleScreenBufferInfo
GetCurrentProcess
GetExitCodeProcess
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
LoadLibraryA
LoadLibraryExW
LoadResource
LockResource
MoveFileExW
OpenProcess
ReadFile
ReleaseMutex
SizeofResource
VirtualAllocEx
VirtualQuery
WaitForSingleObject
WriteFile
WriteProcessMemory

msvcrt

__iob_func
_stricmp
fclose
fflush
fopen
fprintf
free
getchar
malloc
printf
puts
realloc

ntdll

NtClose
NtDeviceIoControlFile
NtLoadDriver
NtOpenFile
NtQueryInformationProcess
NtQuerySystemInformation
NtUnloadDriver
RtlAdjustPrivilege
RtlCreateRegistryKey
RtlInitUnicodeString
RtlWriteRegistryValue
_vsnwprintf
_wtoi
memcmp
tolower
toupper
wcscat
wcscpy
wcslen

user32

GetSystemMetrics

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

28914d53bcfab5f16746200ca6a381fd

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 74KB - Virtual size: 73KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 74KB - Virtual size: 73KB