hx[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

hx.exe
Size

5.7MB
MD5

bb92cbc043a1542e36b1453d6df634f9
SHA1

60482c13586b8b53f96c96f309f20cccb50324a4
SHA256

71718e674c9f8632042dbf368284ffee746ce7cd550721a8a88326afe2446b3f
SHA512

90739b7cb6f0ad97bbda442b976b1b9d8495e598a91a379e13351473630d7b48f86a34ae84c1abcd8bd46fbcc2161be61f589229cf9c0e15b5d41ed2bd68ce7b
SSDEEP

98304:MKOP92TMg7vsBFP+azw1cw0J6RquAwMAPiCfv1FpCfcDLv51L7x9ohw1:nOP92TMPBFP/kcwc6RdA6PZv1Fp3R1/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hx.exe

Files

hx.exe
.exe windows:6 windows x64 arch:x64

7611a656a98af4e80d58ab62bca33209

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

advapi32

CryptAcquireContextW

gdi32

CreateRoundRectRgn

user32

TrackMouseEvent
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetCommandLineW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

imm32

ImmReleaseContext

ntdll

NtWriteVirtualMemory

shell32

ShellExecuteA

bcrypt

BCryptGenRandom

ws2_32

WSACloseEvent

crypt32

CryptQueryObject

wtsapi32

WTSSendMessageW

Exports

Exports

T��|��"eLH !4v��[�s .C�㔡��C��;��g�e�+�h�C��r��Sp!��,�_K��? �?��<��s��\6��g��0@I��0��n�� XcJ��]p��K�1 Z��8(�.v#$��D> �*��y��\'ٴ��b�ٛlN.B��hv&+4kmF�c�r!��Y��Y��H��H�ln�Q��-�Ϸ4^��K�"K��25O&\�c� X�� 4W�Е?��ś\�"��tRɤ@hG��mC�f��)�+��E�f�~�R�I�Q�_��ڰ�l�4�Y��H��β�C��J;�k��톽׽T�1c�fQ��N@�.Yg^�t �Z��ס�-ϪІ�,�*�/T��ݽ�P +�i;ĕD��ŭ(j��Kd�k��A�F8QH�H��/��J�\:B�a�#Jl׮��K��ZK,��{`��ьH��q<�M_��sE�8H(�cL��W3��e��$n�+6�=w��m��g�p�3��K83_+e�F��B߇�9տ��KZ��IF�%T��)n�6��B) t��m.h��E/��oPL�I&�qA��:4�ښ; i�l��%�fP쪟��,�^uZ�*w ��A�R�"�|�/Lq��*�J:�Pè�앪Qb��p�0I�1,#�n�]��E`P��1��o�Uܕe��&�}�=lQ�?p�rϐ��Kz ��~�j�y�h��s�;�u��[��I�`{R!#�J%�@��4��[X��Q��A�)H�j�P��.�"�)2�%�5O��F�J{6��3Ra�$��5vi�b�ޣ��M��X{��N��t��Bhr�1<�z��8<\ +ݓ[��歼Y��Q�PmEU%��5ա mT��;��D��eک�5��nG8[T��c�zo��hꉗf�}0��u��D`r,��nu��6� �;��l� 7��} ��Ә��'̶��&�Qx�\RX@QZo��F��s�R��,��b�9XJ�'_�v�`(atz�ӆ!��G��3�^��y9-AՆ͸q��Z^ň<0Ya��/�:]%�ɬ��`{��v�t�E)�e��\t�f��^W�a+��d�XڼA��z^�B<��?h7Bn��}_��&�ľ��q�A��vv_%�3��X3�Dn%�)*�l��Cm�F��Iϙq+�C(ԭpYv-��ϔ]��Aw,�Ĕ�#�]'7��?�u9�v?~$�uc=9�2�|�a�M�=�fv��q�3�4��A�� UR8��,.#�I�cs�N�T�a��`$�a�ڟ��9��A�g>kx[yh�NQ3�3�� %��2�~��F�X5�4�8�l��a�f�{{q�ףg��$7��i�}6�(N��G�PGbV��X=/��h��x�;#Oln��(�414��Ӡŀ:��+��x�C�f� � =�Z�" tā��I�0:��$�2#�qT]��|�/y7M��f��.u䁁t��x�u�W�7B��B�iG��q��9j��f0�Dl��!�ui7�j�$,~�d7��H1��bf��Bum��s ��8��}bG�⇒/Z�!��ԃ>��Qכ��W��I�@0��#"/ ��dPdf��b��s��eVoD�4<h��6��Ǔ�lhV�wsL�`�,g�Â��-E��Ij��/�*X�kP{�G�G��x�� 9#8��բϑ�"D��xe��*�9��[7HF��+H3�6��:��Q~�x��jI��}�uLU��zq&v\ ��*��'�[�\"P�2��3�I�5g�,��J�B��l�H�$� G��J��xnGr_މN�*��i�)<!��J-"wbU��%I�R��ֳR��.�Q�8_G*��-~��S� "��l3�d Ȳ�P�9��-�+�8��Gc{27*��H4є�/S}�P��"��UI�I��I��"��sR&��>6�.ǿZ<�tH��8�S�� r�U�Q�7��"��^L��,�m��u��HL�.��M��N��8��SkY^E��Ĕ;��8d� ��' ��a�jk4��-��0Q�G��V��ɻ ٚS�9�o��l�" JGXK��Ӳ߲GW�?w�L��BO��*�%w�$�:9'��5�v��{㌾�\�o�� z+��1��"��@N/a�Y�J� ��"��%Ύ��wo�3�6R-��+�t#pQ'��((�r�V��$�#R��_�.=Gg�P״��k��|7|{ǫ�̂�GY-5{ z��Dr��.I�Z E�P�#��pZ�&�,��x��i��:��w��r��4�7(��CJ��/��m �z�~<pd��a�㭍f&�dD#��I�^CU��E�R*�./�M��s�g~�5f��~��ԃX�'y��}8nD�WxH��/XnK�@��_0B�}�K� �F��yՈ :Dl"�F��5�C�h��ח��k��␹#��p�k]�&��2>��~�s�^]�4��B��A]��"RĺÕ��ڄ�|"�4��Y��h.Dv<�=�t�K�`��T�L��ő��U�37��DyO&��вF��aA�� 6�(��h�3��O0�ް�?�o?4�Ѵ<0�-g_,a��n� ��{y@�l�$_"� D��v�yU��f��C8�gBOM: ��t�IgST�e ��nH5�gK<}��V��Z��Q鈕5�+�:�^2�b�I�U�б��Q�Wݑ�۪g��[!(��RB��R1t"� _\��胈�b=[5�Uf$$��>�m:>

Sections

.text
Size: - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krasnol
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.krasnol
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7611a656a98af4e80d58ab62bca33209

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

d3dx9_43

advapi32

gdi32

user32

kernel32

imm32

ntdll

shell32

bcrypt

ws2_32

crypt32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 940KB

.rdata Size: - Virtual size: 356KB

.data Size: - Virtual size: 309KB

.pdata Size: - Virtual size: 41KB

_RDATA Size: - Virtual size: 244B

.krasnol Size: - Virtual size: 3.2MB

.krasnol Size: 5.7MB - Virtual size: 5.7MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 940KB

.rdata
Size: - Virtual size: 356KB

.data
Size: - Virtual size: 309KB

.pdata
Size: - Virtual size: 41KB

_RDATA
Size: - Virtual size: 244B

.krasnol
Size: - Virtual size: 3.2MB

.krasnol
Size: 5.7MB - Virtual size: 5.7MB

.rsrc
Size: 512B - Virtual size: 469B