b12eff5dda4a13f3f59b62733cd28e50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b12eff5dda4a13f3f59b62733cd28e50.exe
Size

7.8MB
MD5

b12eff5dda4a13f3f59b62733cd28e50
SHA1

1db4efd13f5ea55398cf819d830324671032ec87
SHA256

f816156e1f2bc70594d63522e3a26c1564113114aeb771a5c49535cddf46a78c
SHA512

e519a66b1ce9ba3347cd3e326db1f5b9f3c4f10f0dabf2b34dee6c0a23e950943a9ffebfe6b66c3f6c719eda544a544fb82ad7d48d1dcd11e88422dc3fd76d10
SSDEEP

196608:SEi6ar5mYjXjU1lYIb6tf3sIuiOYrO1JAakO:O0KXjU1haK1JlT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b12eff5dda4a13f3f59b62733cd28e50.exe

Files

b12eff5dda4a13f3f59b62733cd28e50.exe
.exe windows:5 windows x64 arch:x64

9686e3cc57eae87ba77cdd76cafbe972

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\build\nw16_sdk_win64\node-webkit\src\out\Release_x64\initialexe\nw.exe.pdb

Imports

nw_elf

SignalChromeElf

rpcrt4

UuidCreate

advapi32

ImpersonateNamedPipeClient
GetSecurityInfo
SetEntriesInAclW
SetThreadToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
CreateProcessAsUserW
SystemFunction036
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

user32

GetProcessWindowStation
GetUserObjectInformationW
SetProcessWindowStation
PeekMessageW
PostThreadMessageW
CreateWindowStationW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CloseDesktop

kernel32

GetProcessHeap
SetStdHandle
GetFullPathNameW
ExitProcess
GetConsoleMode
GetConsoleCP
RtlUnwindEx
RtlPcToFileHeader
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringW
EncodePointer
LoadLibraryExA
GetDriveTypeW
PeekNamedPipe
GetACP
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
IsValidCodePage
GetOEMCP
HeapSize
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
ConnectNamedPipe
DisconnectNamedPipe
SuspendThread
GetSystemDefaultLCID
WriteConsoleW
GetFileSizeEx
GetThreadId
SearchPathW
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
CreateEventW
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetProcessId
SetCurrentDirectoryW
GetCurrentDirectoryW
SetProcessShutdownParameters
LoadLibraryExW
GetCurrentProcessId
GetModuleHandleW
VirtualAlloc
VirtualFree
GetFileInformationByHandle
GetExitCodeProcess
CompareStringW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileAttributesW
GetTempPathW
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
WriteFile
CreateFileW
DeleteFileW
CloseHandle
FormatMessageA
GetTickCount
SetThreadPriority
Sleep
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
LocalFree
TerminateProcess
OpenProcess
IsDebuggerPresent
GetProcessTimes
CreateThread
GetVersionExW
GetNativeSystemInfo
ReadFile
QueryDosDeviceW
GetLongPathNameW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
lstrlenW
LoadLibraryW
SetInformationJobObject
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
CreatePipe
ResumeThread
CreateProcessW
GetUserDefaultUILanguage
GetLocaleInfoW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryW
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
FindClose
VirtualQuery
SetEvent
ResetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
RtlAddFunctionTable
RtlDeleteFunctionTable
CreateRemoteThread
VirtualProtect
HeapAlloc
HeapReAlloc
HeapFree
GetTimeZoneInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetThreadLocale
ReleaseSemaphore
CreateSemaphoreW
LockFileEx
UnlockFileEx
GetFileType
SleepEx
GetVersion
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
HeapSetInformation
TerminateJobObject
GetUserDefaultLCID
GetThreadContext
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
CreateMutexW
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
DebugBreak

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReadData
WinHttpConnect

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetHandleVerifier
GetUploadedReportsImpl
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
RegisterNonABICompliantCodeRange
SetCrashKeyValueImpl
UnregisterNonABICompliantCodeRange

Sections

.text
Size: 747KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9686e3cc57eae87ba77cdd76cafbe972

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nw_elf

rpcrt4

advapi32

version

winmm

user32

kernel32

winhttp

Exports

Exports

Sections

.text Size: 747KB - Virtual size: 746KB

.rdata Size: 228KB - Virtual size: 228KB

.data Size: 5KB - Virtual size: 45KB

.pdata Size: 39KB - Virtual size: 39KB

CPADinfo Size: 512B - Virtual size: 48B

.gfids Size: 1024B - Virtual size: 756B

.tls Size: 512B - Virtual size: 2B

_RDATA Size: 32KB - Virtual size: 32KB

.rsrc Size: 291KB - Virtual size: 290KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 747KB - Virtual size: 746KB

.rdata
Size: 228KB - Virtual size: 228KB

.data
Size: 5KB - Virtual size: 45KB

.pdata
Size: 39KB - Virtual size: 39KB

CPADinfo
Size: 512B - Virtual size: 48B

.gfids
Size: 1024B - Virtual size: 756B

.tls
Size: 512B - Virtual size: 2B

_RDATA
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 291KB - Virtual size: 290KB

.reloc
Size: 6KB - Virtual size: 5KB