MonkeModManager[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MonkeModManager.exe
Size

90KB
MD5

2ba7ae1291f1e4abc74fbe25316e7b0a
SHA1

a08af551686a1d9102da5c8936372092c0ec2232
SHA256

b9373ae77d3a772960d590a2b8308a1c97642b285421f1a3a80358378be1c702
SHA512

4300f2872583e848e2f1af12f81fa2660914cd31a0384d535547f02ea9a81f1920b53589ba191bf559ac42ad7041a096e91980b3dd3e5368f52abb8f9696cce7
SSDEEP

768:xZEyJs6JrtsbRunk1Bb35QbMz/5sv433tnelHx9O:xZT26NQ0nkdFBsv03tneJx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MonkeModManager.exe

Files

MonkeModManager.exe
.exe .ps1 windows:6 windows x64 arch:x64 polyglot

e94842e99bbb627abb5135bd7de3296c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\emilk\source\repos\ConsoleApplication1\x64\Release\ConsoleApplication1.pdb

Imports

kernel32

RtlLookupFunctionEntry
GetComputerNameW
DeleteFileW
GetModuleFileNameW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

advapi32

GetUserNameW

shell32

ShellExecuteExA

msvcp140

?good@ios_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
__std_terminate
__std_exception_copy
__C_specific_handler
_CxxThrowException
memcpy
__std_exception_destroy
memset

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
__p___argc
__p___argv
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_c_exit
_cexit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e94842e99bbb627abb5135bd7de3296c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 696B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 512B - Virtual size: 96B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 696B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 512B - Virtual size: 96B