Speech[.]exe | Triage

Resubmissions

21-05-2024 06:19

240521-g3f2vsbb4x 3

21-05-2024 06:09

240521-gwwhzaac97 3

Sharing

Copy URL

Twitter E-mail

General

Target

Speech.exe
Size

1.3MB
MD5

d2b55fb7762408c2d2509e86fc40e640
SHA1

eddcfd1ddf35f789fc50a6dab16a1f779cad3f76
SHA256

ed43f74fc5bfbb139150f3557c1f91218124b1230ef0a8a3629cf421ad577c38
SHA512

628dc2056dbc73e8161049916bb3a0b684f52079a734fb45579f19bb3116132936a42019b6f164f416232c3f8348057737f7a4625d2d9bd30ae7a8cba69c156b
SSDEEP

24576:gJduBn+/D/4isQZSti4tWZy3Q1EBiCjEXzExoLHKdEqgj:gJIRbisQqi4tWcycAtHKdwj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Speech.exe

Files

Speech.exe
.exe windows:5 windows x64 arch:x64

95b57c5effe390ecfcfeb3aa474ea2a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

gethostname
bind
listen
inet_addr
WSAAsyncSelect
connect
recv
socket
htons
send
closesocket
WSAGetLastError
shutdown
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAStartup
WSACleanup
getsockname
ntohs
inet_ntoa
accept

iphlpapi

GetAdaptersInfo

kernel32

FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcessId
LocalAlloc
TlsGetValue
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
CompareStringA
GetModuleHandleW
lstrcmpA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalFlags
GetFileSizeEx
GetFileTime
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetPrivateProfileStringA
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
RaiseException
FindFirstFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
HeapReAlloc
GetCommandLineA
GetSystemInfo
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapSetInformation
HeapCreate
HeapDestroy
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
CompareStringW
SetEnvironmentVariableA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetFullPathNameA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
RtlCaptureContext
GetFileAttributesA
GetEnvironmentVariableA
OpenFileMappingA
MapViewOfFile
HeapAlloc
GetProcessHeap
HeapFree
IsBadReadPtr
VirtualFree
VirtualProtect
VirtualAlloc
GetFileSize
GetACP
lstrcpynA
lstrcatA
lstrcpyA
UnmapViewOfFile
SetFilePointerEx
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceLanguagesA
FindResourceExA
WinExec
ExitProcess
GetCurrentThreadId
ResetEvent
SetCurrentDirectoryA
GetModuleFileNameA
CreateEventA
SetEvent
GetVersion
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
GetSystemDirectoryA
OpenProcess
VirtualProtectEx
WriteProcessMemory
ReadProcessMemory
DeviceIoControl
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
WaitForSingleObject
TerminateThread
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetWindowsDirectoryA
GetTempFileNameA
CreateFileMappingA
GetConsoleScreenBufferInfo
LeaveCriticalSection
InitializeCriticalSection
FreeLibrary
GetTempPathA
DeleteFileA
GetVersionExA
GlobalMemoryStatus
WriteFile
GetCurrentProcess
DuplicateHandle
PeekNamedPipe
TerminateProcess
GetQueuedCompletionStatus
GetOverlappedResult
GetTickCount
ReadFile
GetLastError
Sleep
CreateIoCompletionPort
GetCurrentDirectoryA
CreateFileA
CloseHandle
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
SetLastError
SetFilePointer
GetVolumeInformationA
SetConsoleScreenBufferSize
GetFullPathNameW
UnlockFileEx
LoadLibraryW
FormatMessageW
GetFileAttributesW
CreateFileW
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteFileW
GetSystemTime
AreFileApisANSI
RtlPcToFileHeader

user32

PostQuitMessage
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ValidateRect
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
GetClientRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadCursorA
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
GetSystemMetrics
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
GetFocus
GetParent
SetWindowPos
EnableWindow
IsWindowEnabled
GetDlgCtrlID
IsWindow
SetWindowTextA
GetWindowLongA
GetDlgItem
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CreateWindowExA
SetWindowLongPtrA
DestroyWindow
GetWindowLongPtrA
wsprintfW
wsprintfA
PostMessageA
SendMessageA
MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
GetWindowRect
IsCharAlphaNumericA
CopyRect
CharUpperA

gdi32

GetStockObject
CreateBitmap
DeleteDC
SetViewportOrgEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

StartServiceCtrlDispatcherA
QueryServiceStatus
CloseServiceHandle
RegEnumValueA
RegEnumKeyExA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CredFree
CredEnumerateA
RegQueryValueExA
StartServiceA
RegisterServiceCtrlHandlerA
ControlService
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
SetServiceStatus
DeregisterEventSource
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenServiceA
CreateServiceA
DeleteService

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
SHDeleteKeyA
StrStrIA

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptUnprotectData

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantChangeType
VariantInit
GetErrorInfo

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle

wininet

FindFirstUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

95b57c5effe390ecfcfeb3aa474ea2a1

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

crypt32

ole32

oleaut32

winhttp

wininet

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 217KB - Virtual size: 216KB

.data Size: 38KB - Virtual size: 76KB

.pdata Size: 62KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 217KB - Virtual size: 216KB

.data
Size: 38KB - Virtual size: 76KB

.pdata
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 436B