Posexchange | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Posexchange
Size

680KB
MD5

5f7393716c2b80ccc3f9c58a3d36f3ca
SHA1

875189ca60689a1639397cf57d92ff20f9a054cc
SHA256

1b8b9c946aaa320f37bfe50d76460388574d16b0a390af4d68176d8620ac5641
SHA512

d427ca8a76014fc86347cff22bbf96c05a87bbbdc74567e530eea26149397e9f1dbbd9a689448e24a41fb196a2820902f1a305afe1cbf22934023baec049bd07
SSDEEP

12288:IkGn0e5RPU45PCykAE47ghobtFxllNgFnOWjynXxRTMoR5rmgw:Ik60ezxgdr47g+btFflNaOWXoRtmgw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Posexchange

Files

Posexchange
.exe windows:1 windows x86 arch:x86

eee672af0dc7e4ab8edfdb46df487d25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlen
lstrcpyn
lstrcpy
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
lstrcpy
lstrcmp
WritePrivateProfileStringA
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateThread
Sleep
SizeofResource
SetVolumeLabelA
SetThreadPriority
SetThreadLocale
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SearchPathA
ResumeThread
ReleaseMutex
ReadFile
OpenFileMappingA
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryA
LeaveCriticalSection
IsDBCSLeadByte
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVolumeInformationA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetTempFileNameA
GetSystemInfo
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryA
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
FatalAppExitA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
MulDiv

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
WindowFromPoint
WinHelpA
WaitMessage
WaitForInputIdle
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
ShowCaret
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClipboardFormatA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessage
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyCursor
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryValueA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
RegisterTypeLib
LoadTypeLib
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
SysStringLen
SysFreeString
SysAllocStringLen

mpr

WNetGetConnectionA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PolyPolyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetOutlineTextMetricsA
GetObjectType
GetObjectA
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExtSelectClipRgn
ExtCreatePen
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt

ole32

CoTaskMemFree
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoRegisterClassObject
CoGetMalloc
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHGetPathFromIDList
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolder

comdlg32

GetSaveFileNameA
GetOpenFileNameA

winmm

timeGetTime

Sections

CODE
Size: 605KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.15PB
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eee672af0dc7e4ab8edfdb46df487d25

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

version

gdi32

ole32

comctl32

shell32

comdlg32

winmm

Sections

CODE Size: 605KB - Virtual size: 1.6MB

DATA Size: 17KB - Virtual size: 32KB

BSS Size: - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 100KB

.rsrc Size: 28KB - Virtual size: 116KB

.aspack Size: 8KB - Virtual size: 12KB

.15PB Size: 12KB - Virtual size: 12KB

CODE
Size: 605KB - Virtual size: 1.6MB

DATA
Size: 17KB - Virtual size: 32KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 100KB

.rsrc
Size: 28KB - Virtual size: 116KB

.aspack
Size: 8KB - Virtual size: 12KB

.15PB
Size: 12KB - Virtual size: 12KB