MidnightExploit[.]exe | Triage

Sharing

General

Target

MidnightExploit.exe
Size

2.6MB
MD5

8f77f3354edbdb2b36c8664b42c9d996
SHA1

862131825b0a392b96ac8e44d1aefb7da1332eef
SHA256

5fadbda0ea0c5131c649991dc0e4115d069d01d7d8bd75ae9ef531b533826c5b
SHA512

aea25ff9a3795e940df86ad5b83ff367d6933bbe4db397f2d9febb0e7e7ecb8a96f667aadbeab5aeeb7f6d2bad26e590f509f512c733b25dc942b2605f0c0ed9
SSDEEP

49152:dgVb8YBZ7gysQWBhjCmjiwly12Ck18BrkMw7:qVbVkzrBhOmjPlyMYkM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MidnightExploit.exe

Files

MidnightExploit.exe
.exe windows:4 windows x86 arch:x86

d5d9d937853db8b666bd4b525813d7bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

LockResource
lstrlenA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LoadResource
lstrcpynA
RtlMoveMemory
SetFileAttributesA
SizeofResource
WriteFile
lstrcatA
lstrcpyA

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE