e[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e.exe
Size

873KB
MD5

f82a4901e1cc7217d06f0245c2c32aaf
SHA1

84ec480f70791bdd172faaee495f60a49bd5ab44
SHA256

3794ef322ef6f988a9289e7c2c3484273562b31a9f34c07b84ebced92d5e7b4b
SHA512

b083341e4b647fc271b9513698663bf242f9824422c68c6f2af2245c05568ef305e92d13cb9ac07af070e0c9aa613124b5390799ab82822405f2e049a0b3fdcc
SSDEEP

12288:OBOBVIPyasqsQGqkzUgaTjD4TCxa6iMMcMgL0OqM:OBO/IPyassGqkaTv+Cxa6/VL0O1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e.exe

Files

e.exe
.exe windows:6 windows x64 arch:x64

75ba127d7e8cba303a93b4d65f8da5e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTokenInformation
OpenProcessToken

opengl32

glGetError
glColorMask
glBlendFunc
glStencilFunc
glFrontFace
glMatrixMode
glEnd
glTexCoord2d
glLoadIdentity
glCullFace
glEnable
glGenTextures
glBindTexture
glStencilMask
glClear
glStencilOp
glTexParameteri
glFinish
glViewport
glDeleteTextures
glGetIntegerv
glGetString
wglGetProcAddress
wglGetCurrentDC
glBegin
glClearColor
glDrawArrays
glTexImage2D
glVertex2d
glColor4f
glDisable
wglMakeCurrent
glPixelStorei
glTexSubImage2D
glOrtho
wglCreateContext

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
NtQuerySystemInformation

ws2_32

WSAStartup
getaddrinfo
select
WSACleanup
socket
connect
recv
getsockopt
closesocket
send
freeaddrinfo
ioctlsocket
WSAGetLastError

kernel32

FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
CreateToolhelp32Snapshot
OpenProcess
Module32First
Module32Next
WriteProcessMemory
SetLastError
GetCurrentProcess
DeviceIoControl
CreateFileA
CloseHandle
GetModuleHandleA
Sleep
GetLastError
GetProcAddress

user32

GetDC
MessageBoxA
SetForegroundWindow
RegisterClassExA
PeekMessageA
LoadIconA
CreateWindowExA
DefWindowProcA
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
GetKeyState
GetMessageA
DispatchMessageA
GetWindowRect
GetFocus
LoadCursorA
GetCursorPos
IsWindowVisible
SetWindowPos
ShowWindow

gdi32

SwapBuffers
SetPixelFormat
ChoosePixelFormat

shell32

ShellExecuteA

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
_Xtime_get_ticks
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
memmove
memcpy
_purecall
memcmp
memchr
__std_terminate
__std_exception_copy
__std_exception_destroy
memset

api-ms-win-crt-string-l1-1-0

_stricmp
isalnum
strcmp
isspace
strncmp
strncpy

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
exit
_crt_atexit
terminate
_errno
_c_exit
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
strtod

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-stdio-l1-1-0

fgets
__p__commode
_pclose
__stdio_common_vsprintf_s
_set_fmode
__stdio_common_vsprintf
_popen
__acrt_iob_func
__stdio_common_vfprintf
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
fclose
fflush
fopen
fputc

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_callnewh
free
_set_new_mode

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

pow
sinf
sqrt
floorf
expf
floor
cosf
ceilf
sqrtf
ceil
__setusermatherr
ldexp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75ba127d7e8cba303a93b4d65f8da5e1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

opengl32

ntdll

ws2_32

kernel32

user32

gdi32

shell32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 352KB - Virtual size: 351KB

.rdata Size: 503KB - Virtual size: 502KB

.data Size: 2KB - Virtual size: 27KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 352KB - Virtual size: 351KB

.rdata
Size: 503KB - Virtual size: 502KB

.data
Size: 2KB - Virtual size: 27KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB