spectral[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

spectral.exe
Size

81.9MB
MD5

2ce6348e4bb59550f914a4fa6464915a
SHA1

b27e7ed30642f937a8a2f5402d14f89254900a2b
SHA256

4a63f94be4a79ef5fa4002bb849ad87dd1db83e5755209d6c4bcce5f2edb0e97
SHA512

fda7685267b0406d07a39ab6c04f0d0a30a4761999f2121b99402a485b96680b4402d061d5ee618bf8ff2b0675570bcb3cd566d86157e1d8f07d75d16c95d887
SSDEEP

393216:416eXr1XxrMaco+gy8L4qcPihwICdbKJEERLQlnw7J0On9X510235kTyx6:2FxQbCiqwIClKJvklquOn9w235s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spectral.exe

Files

spectral.exe
.exe windows:4 windows x64 arch:x64

0a079b45fbf604a8e63e77fbb97d9460

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

RaiseException
RtlUnwindEx
VirtualQuery
__C_specific_handler
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CancelIoEx
CloseHandle
CompareStringOrdinal
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiber
CopyFileExW
CreateConsoleScreenBuffer
CreateDirectoryW
CreateEventW
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetComputerNameExW
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLargestConsoleWindowSize
GetLastError
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeInfo
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount64
GetTimeZoneInformation
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsThreadAFiber
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReOpenFile
ReadConsoleInputW
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
RtlAddFunctionTable
RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleWindowInfo
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadErrorMode
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx
lstrlenW

api-ms-win-crt-convert-l1-1-0

mbrtowc
strtol
strtoul
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
_wgetcwd
_wgetenv

api-ms-win-crt-filesystem-l1-1-0

_getdrive
_lock_file
_umask
_unlock_file
_waccess
_wchdir
_wchmod
_wmkdir
_wrmdir

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

__setusermatherr
cbrt
ceil
ceilf
exp
expf
floor
floorf
fmod
fmodf
log
log10
log2
log2f
logf
pow
powf
round
roundf
trunc
truncf

api-ms-win-crt-private-l1-1-0

__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_assert
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_fpreset
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf_s
_chsize_s
_close
_get_osfhandle
_lseeki64
_mktemp
_open_osfhandle
_read
_write
fclose
feof
fflush
fgets
fopen
fputc
fread
fwrite
rewind

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
_strnicmp
isalnum
isalpha
iscntrl
islower
isprint
ispunct
isspace
isupper
isxdigit
memset
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
tolower
toupper
wcscat
wcscmp
wcscpy
wcslen
wcsncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_localtime64
_mktime64
_time64
_tzset
clock

api-ms-win-crt-utility-l1-1-0

qsort

ntdll

NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptReleaseContext
EqualSid
GetNamedSecurityInfoW
GetTokenInformation
IsValidSid
IsWellKnownSid
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
SystemFunction036

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDecrypt
BCryptDeriveKey
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptEncrypt
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptSecretAgreement
BCryptSetProperty
BCryptSignHash
BCryptVerifySignature

crypt32

CertAddCertificateContextToStore
CertAddEncodedCTLToStore
CertAddEncodedCertificateToStore
CertCloseStore
CertCreateCertificateContext
CertDeleteCertificateFromStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertOpenStore
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertVerifyTimeValidity
CryptAcquireCertificatePrivateKey
CryptBinaryToStringA
CryptDecodeObjectEx
CryptEncodeObjectEx
CryptHashCertificate
CryptStringToBinaryA
PFXExportCertStore
PFXImportCertStore

dbghelp

StackWalk64
SymFromAddrW
SymFunctionTableAccess64
SymGetLineFromAddrW64
SymGetModuleBase64
SymInitializeW

ncrypt

NCryptFreeObject

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

rpcrt4

UuidCreate

secur32

AcceptSecurityContext
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW

shell32

SHGetKnownFolderPath

user32

FindWindowA
SendMessageA

userenv

GetUserProfileDirectoryW

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryAuthSchemes
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpWriteData

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStartup
WSAStringToAddressA
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

__jit_debug_descriptor
__jit_debug_register_code

Sections

.text
Size: 41.4MB - Virtual size: 41.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35.8MB - Virtual size: 35.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a079b45fbf604a8e63e77fbb97d9460

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

ntdll

advapi32

bcrypt

crypt32

dbghelp

ncrypt

ole32

rpcrt4

secur32

shell32

user32

userenv

winhttp

ws2_32

Exports

Exports

Sections

.text Size: 41.4MB - Virtual size: 41.4MB

.data Size: 71KB - Virtual size: 70KB

.rdata Size: 35.8MB - Virtual size: 35.8MB

.eh_fram Size: 1024B - Virtual size: 968B

.pdata Size: 1.1MB - Virtual size: 1.1MB

.xdata Size: 2.9MB - Virtual size: 2.9MB

.bss Size: - Virtual size: 13KB

.edata Size: 512B - Virtual size: 139B

.idata Size: 19KB - Virtual size: 19KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 712KB - Virtual size: 711KB

.text
Size: 41.4MB - Virtual size: 41.4MB

.data
Size: 71KB - Virtual size: 70KB

.rdata
Size: 35.8MB - Virtual size: 35.8MB

.eh_fram
Size: 1024B - Virtual size: 968B

.pdata
Size: 1.1MB - Virtual size: 1.1MB

.xdata
Size: 2.9MB - Virtual size: 2.9MB

.bss
Size: - Virtual size: 13KB

.edata
Size: 512B - Virtual size: 139B

.idata
Size: 19KB - Virtual size: 19KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 712KB - Virtual size: 711KB