Daemon[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Daemon.exe
Size

3.0MB
MD5

4b9eb5ee3a233b024e331d961eb3100d
SHA1

20c8465ec49766f3270be80cc3abc83ee191d659
SHA256

fbc3a8f8a56d90cc3af6999a668c8f04db2eb89fdf61ca3061ce163e63113ac1
SHA512

a35a8c02267d772b8eb784fe49c60a27c227dff0fd2418e3bd3f26dff45d133e7967fd17acb13a56649ce25c8720134752384221d528e6b74c4fce888c3367a4
SSDEEP

49152:qRPSR1Pa7ZoSUX09hIctAF8Jsv6tWKFdu9CjPTOm7cJYptB730p3EeDyqSD364Fy:qRPvbUEAcPJsv6tWKFdu9CjvY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Daemon.exe

Files

Daemon.exe
.exe windows:5 windows x86 arch:x86

b98ece19ebe87c3650454bf9f6f633b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN_NEW\T9000New\Daemon\trunk\Target\Daemon.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeSetEvent
timeKillEvent

kernel32

TlsAlloc
TlsGetValue
TlsFree
WideCharToMultiByte
HeapAlloc
HeapFree
GetProcessHeap
CloseHandle
DeleteFileW
CopyFileW
SetEvent
WaitForSingleObject
Sleep
CreateEventA
VerSetConditionMask
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
TlsSetValue
SleepEx
CreateEventW
SetWaitableTimer
VerifyVersionInfoA
GetCurrentProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThreadId
WriteFile
ReadFile
GetSystemTime
GetSystemInfo
GetTickCount
lstrcatW
lstrlenW
GetModuleFileNameA
GetModuleFileNameW
CreateProcessA
GetSystemDirectoryW
CreateFileW
ReleaseMutex
CreateMutexW
SetFilePointer
FindClose
lstrlenA
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetStdHandle
GetLocalTime
CreateFileA
GetFileAttributesA
AllocConsole
CompareStringW
GetUserDefaultLCID
OutputDebugStringW
GetConsoleWindow
FormatMessageW
GetModuleHandleW
GetProcAddress
WaitForSingleObjectEx
GetCurrentDirectoryW
DeleteCriticalSection
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
MoveFileW
FileTimeToSystemTime
GetFileInformationByHandleEx
DuplicateHandle
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetStartupInfoW
ResetEvent
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserPreferredUILanguages
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
LoadLibraryW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
FindFirstFileExW
GetExitCodeProcess
OpenProcess
LoadLibraryA
VirtualFree
ReleaseSemaphore
LCMapStringW
GetSystemTimeAsFileTime
GetStringTypeW
RaiseException
DecodePointer
EncodePointer
GetModuleHandleA
GetSystemDirectoryA
WaitForMultipleObjectsEx
OpenEventA
GetCommandLineW
FormatMessageA
CreateWaitableTimerA
RtlUnwind
LoadLibraryExW
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetCommandLineA
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
PostQueuedCompletionStatus
LocalFree
InterlockedCompareExchange
InterlockedExchangeAdd
InterlockedExchange
InterlockedIncrement
MultiByteToWideChar
GetLastError
InterlockedDecrement
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
GetFileInformationByHandle
ReadConsoleW
GetConsoleCP
SetFileAttributesW
SetStdHandle
HeapReAlloc
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
GetACP
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableA
WriteConsoleW
FindFirstFileExA

user32

GetQueueStatus
DestroyWindow
CallNextHookEx
CharNextExA
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
MsgWaitForMultipleObjectsEx
SetTimer
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
wvsprintfA
wsprintfW
wsprintfA
MessageBoxW
KillTimer
GetWindowLongW
SetWindowLongW
SetWindowsHookExW
LoadStringA
MessageBoxA
UnhookWindowsHookEx

advapi32

RegFlushKey
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CopySid
AccessCheck
OpenProcessToken
RegSetValueExW

shell32

ShellExecuteExW
SHFileOperationW

ole32

OleRun
CLSIDFromString
CoUninitialize
CoTaskMemFree
CLSIDFromProgID
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
GetErrorInfo
SysFreeString

odbc32

ord43
ord44
ord18
ord20
ord75
ord61
ord72
ord127
ord108
ord111
ord136
ord119
ord139
ord31
ord145
ord147
ord152
ord154
ord141
ord138
ord176
ord165
ord12
ord29
ord9
ord26
ord24
ord30
ord140
ord13

ws2_32

listen
htons
bind
WSAAddressToStringW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSACleanup
WSASocketW
shutdown
setsockopt
select
ntohl
inet_addr
htonl
getsockopt
getpeername
ioctlsocket
closesocket
inet_ntoa
WSAAsyncSelect
WSAStartup

mswsock

AcceptEx
GetAcceptExSockaddrs

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b98ece19ebe87c3650454bf9f6f633b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

winmm

kernel32

user32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

mswsock

dbghelp

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 28KB - Virtual size: 44KB

.qtmetad Size: 512B - Virtual size: 256B

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 440B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 68KB - Virtual size: 68KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 28KB - Virtual size: 44KB

.qtmetad
Size: 512B - Virtual size: 256B

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 440B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 68KB - Virtual size: 68KB