TheHeadmaster[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

TheHeadmaster.exe
Size

102KB
MD5

9fc5c56438c659fb4563b12ae8186608
SHA1

51c1d56b47e30c95d9151378a7bbb2b93e74708b
SHA256

19390c0eedcd974e57a13cc03f78454f6de4e2f36d85f412249d1c04841dd0ec
SHA512

78bafaa8b57dc3c88acec0b015a291bf1857593f86b54a4514857523dfd6a95a99a97bcb0a1e9425c127f1958ac1ab5797ecb7a52a72e00ed8c649c7f3d1c475
SSDEEP

3072:V3Yj+8JlFCumUbyJlKP8HRvkduTK5Nrh2o9Dj0fmoQ:xQ+IFCumUGekHRvEuO3go9kfnQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

TheHeadmaster.exe

resource
TheHeadmaster.exe

Files

TheHeadmaster.exe
.exe windows:6 windows x64 arch:x64

a9563ca2ee659a9314820bead4ec962b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__wcmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vswprintf
fwrite

api-ms-win-crt-string-l1-1-0

_wcsdup
memset
strlen
strncmp
wcslen

user32

MessageBoxW

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
SetDllDirectoryW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9563ca2ee659a9314820bead4ec962b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

user32

kernel32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 4KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 512B - Virtual size: 444B

.pdata Size: 512B - Virtual size: 396B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 4KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 512B - Virtual size: 444B

.pdata
Size: 512B - Virtual size: 396B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 87KB - Virtual size: 86KB