xtool[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

xtool.exe
Size

3.6MB
MD5

4b53de56306a5acc377d2d183b857cf8
SHA1

31b1588b02888c0555bcf281c3e013bdc231e756
SHA256

73dc1e764c00b89cc21abb1fb0147b88ffa40c9bf4651064c52a3cde189a343a
SHA512

d034bd899ec66981d5304bf9fe8580a2df4b7f6aad5e0419802fef13509f1a67c520cc8c89a03247fa600db4488dded3afe07a2847db3d71d2cf8ad35066c949
SSDEEP

49152:bl3g5fYO3k+NxkVlmAxoOigcrfiF0tdYgWOxtNebO6hLpQPeVfj1gWFqkkpGWmKr:bSbn0l0H3g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xtool.exe

Files

xtool.exe
.exe windows:5 windows x64 arch:x64

6e9bd699fdedb6171922dbe15aeebc2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFileAttributesW
GetFileType
FlushViewOfFile
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
CreateSemaphoreW
OpenFileMappingW
UpdateResourceW
TerminateThread
QueryPerformanceFrequency
GetHandleInformation
SetHandleInformation
IsDebuggerPresent
FindNextFileW
FlushInstructionCache
GetFullPathNameW
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GetSystemTimeAsFileTime
FormatMessageW
SwitchToThread
GetExitCodeThread
WriteConsoleW
GetCurrentThread
GetFileAttributesExW
IsBadReadPtr
GlobalMemoryStatusEx
LoadLibraryExW
TerminateProcess
LockResource
CancelIo
BeginUpdateResourceW
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GetStartupInfoW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
SetConsoleCursorPosition
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
FindResourceExW
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetProcessTimes
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
GetModuleFileNameA
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
GetComputerNameW
IsValidLocale
TlsSetValue
EndUpdateResourceW
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetConsoleScreenBufferInfo
LocalAlloc
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
GetThreadLocale
SetThreadLocale

dbghelp

ImageRvaToVa
ImageNtHeader

version

GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW
MessageBoxA

oleaut32

SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType
VariantCopyInd

msvcrt

memset
memcpy
memmove

advapi32

RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 600B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e9bd699fdedb6171922dbe15aeebc2d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dbghelp

version

user32

oleaut32

msvcrt

advapi32

winhttp

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.data Size: 219KB - Virtual size: 219KB

.bss Size: - Virtual size: 107KB

.idata Size: 7KB - Virtual size: 7KB

.didata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 110B

.tls Size: - Virtual size: 600B

.rdata Size: 512B - Virtual size: 109B

.pdata Size: 109KB - Virtual size: 108KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 219KB - Virtual size: 219KB

.bss
Size: - Virtual size: 107KB

.idata
Size: 7KB - Virtual size: 7KB

.didata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 110B

.tls
Size: - Virtual size: 600B

.rdata
Size: 512B - Virtual size: 109B

.pdata
Size: 109KB - Virtual size: 108KB

.rsrc
Size: 17KB - Virtual size: 17KB