client[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

client.exe
Size

15.8MB
MD5

105cb2b0436ef066bf7eaed7013d9fa6
SHA1

cb74c1db9749db04f09c30f51fdbf984dadab214
SHA256

637bbaa2f4494e1789d1cf3a0eb046279a58c01d9789ba327c516947635b7247
SHA512

797e501556f358e0b0e4173eb4ebd51beedf48a8f57e8e6703678ff0efd84d3c9aecc12ee9fa5e11d431076aa930a6809b7c77e0e04d6c1bb85f2d5a43b17538
SSDEEP

393216:ldzZ7L4zPZCQTbmTG1DTi9Vyv2l+GiEwoCMoLSMs2x1:lPv4zxC+mTcTujl+/KCJ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
client.exe

Files

client.exe
.exe windows:6 windows x64 arch:x64

ec22999f71062c26bfc18c5f9770c9eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

ws2_32

socket

crypt32

CertOpenStore

wldap32

ord211

normaliz

IdnToAscii

kernel32

WakeAllConditionVariable
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowLongW

gdi32

CreateRoundRectRgn

advapi32

RegQueryValueExW

shell32

ShellExecuteW

ole32

CoInitializeEx

oleaut32

SysFreeString

msvcp140

??0_Locinfo@std@@QEAA@PEBD@Z

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmGetContext

d3dx9_43

D3DXCreateTextureFromFileInMemory

urlmon

URLDownloadToFileA

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr

api-ms-win-crt-runtime-l1-1-0

system

api-ms-win-crt-stdio-l1-1-0

fseek

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-math-l1-1-0

_fdsign

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-environment-l1-1-0

_putenv_s

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x~t
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pO9
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.{&S
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec22999f71062c26bfc18c5f9770c9eb

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

dwmapi

imm32

d3dx9_43

urlmon

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: - Virtual size: 949KB

.rdata Size: - Virtual size: 351KB

.data Size: - Virtual size: 11.5MB

.pdata Size: - Virtual size: 38KB

.x~t Size: - Virtual size: 3.1MB

.pO9 Size: 6KB - Virtual size: 5KB

.{&S Size: 15.8MB - Virtual size: 15.8MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 949KB

.rdata
Size: - Virtual size: 351KB

.data
Size: - Virtual size: 11.5MB

.pdata
Size: - Virtual size: 38KB

.x~t
Size: - Virtual size: 3.1MB

.pO9
Size: 6KB - Virtual size: 5KB

.{&S
Size: 15.8MB - Virtual size: 15.8MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B