Static task
static1
Behavioral task
behavioral1
Sample: K.exe
Resource: win11-20240426-en
General
Target: K.exe
Size: 4.8MB
MD5: 0b8e85bab4835b6ba09f3bdec902f72d
SHA1: 1ad5d7ef259079a4b60964895e72ec004ca42199
SHA256: 582acb10868ca768a7208e898610925eed53372cef01bf4a83e583d5b36323cd
SHA512: 7e1dae2ffa6d7eef7738e2063e6b38b609f1c64c357dd547f85e01cf8defa8d2f9169d8369dff866b7bb8e5b06208fdae4efd1b966cf50cb7b6097fdcbea48bd
SSDEEP: 98304:cJSZsz35aFxepAo7haa0Dooj9ghi1RebMIg9Cbk/V8dQXSNW:cjg4haaxojDIg9Cbk/V8dQXmW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource K.exe
Files
K.exe.exe windows:5 windows x64 arch:x64
d018f1011eb53cdef178196d4fe358da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
lstrcmpiA
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFileAttributesExA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSizeEx
LocalAlloc
TlsGetValue
InitializeCriticalSection
TlsAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetProfileIntA
Sleep
SearchPathA
GetTempPathA
GetCPInfo
GetOEMCP
GetACP
VirtualProtect
SetErrorMode
GetWindowsDirectoryA
GetNumberFormatA
FindResourceExW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetSystemTimeAsFileTime
ExitProcess
HeapSize
HeapQueryInformation
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetConsoleCP
GetConsoleMode
GetStdHandle
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
GetFullPathNameA
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
GetTimeZoneInformation
CompareStringW
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleW
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LoadLibraryW
lstrcmpW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetModuleFileNameA
GetFileSize
FindResourceA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
EnterCriticalSection
LeaveCriticalSection
lstrcmpA
FreeResource
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
LoadLibraryA
GlobalGetAtomNameA
GlobalAddAtomA
ActivateActCtx
DeactivateActCtx
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
GetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
MultiByteToWideChar
FreeLibrary
SetLastError
GetTempFileNameA
GetFileTime
GetVersion
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
GetCurrentDirectoryW
SetFileTime
WriteFile
CreateDirectoryA
GetFileAttributesA
LocalFileTimeToFileTime
lstrcatA
lstrlenA
lstrcpyA
SystemTimeToFileTime
ReadFile
CloseHandle
SetFilePointer
CreateFileA
DeleteFileA
GetCurrentDirectoryA
FindResourceW
LoadResource
LockResource
SizeofResource
FlushFileBuffers
WideCharToMultiByte
GetDriveTypeW
user32
GetClassLongA
LoadIconA
CharUpperBuffA
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DrawEdge
DrawFocusRect
GetSysColorBrush
DrawIconEx
SetRect
GetDC
ReleaseDC
GetKeyNameTextA
MapVirtualKeyA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
RegisterClipboardFormatA
PostThreadMessageA
ShowOwnedPopups
DrawIcon
RealChildWindowFromPoint
EnumDisplayMonitors
SetLayeredWindowAttributes
SetMenuDefaultItem
IsClipboardFormatAvailable
CopyAcceleratorTableA
GetMenuDefaultItem
SetClassLongPtrA
SetCursorPos
FrameRect
CopyIcon
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
EnumChildWindows
GetUpdateRect
SubtractRect
UnregisterClassA
MapDialogRect
GetNextDlgGroupItem
DestroyCursor
GetDoubleClickTime
CreateMenu
GetWindowRgn
IsCharLowerA
MapVirtualKeyExA
InvertRect
HideCaret
IsZoomed
GetAsyncKeyState
MessageBeep
LoadCursorA
LoadCursorW
WindowFromPoint
SetCapture
ScreenToClient
GetClientRect
GetSystemMenu
LoadMenuW
EnableMenuItem
CheckMenuItem
DeleteMenu
BeginDeferWindowPos
GetMessagePos
IsChild
InflateRect
PtInRect
DestroyAcceleratorTable
DestroyWindow
NotifyWinEvent
GetTopWindow
GetWindowRect
SetWindowRgn
GetClassNameA
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
WinHelpA
SetWindowPos
LoadImageA
DestroyIcon
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
SetCursor
SetPropA
ReleaseCapture
LoadAcceleratorsA
GetParent
SetActiveWindow
InvalidateRect
UpdateWindow
IsIconic
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
GetWindowLongA
ShowWindow
GetWindow
IsWindow
TranslateAcceleratorA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
WaitMessage
PostMessageA
PeekMessageA
DispatchMessageA
MonitorFromWindow
ScrollWindow
SetScrollRange
SendMessageA
SetTimer
LoadIconW
MessageBoxA
RedrawWindow
EnableWindow
KillTimer
SetWindowPlacement
GetScrollRange
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetWindowPlacement
DefWindowProcA
CallWindowProcA
SetParent
LockWindowUpdate
TrackPopupMenu
ModifyMenuA
GetWindowTextLengthA
GetWindowTextA
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
MonitorFromPoint
GetMonitorInfoA
UpdateLayeredWindow
EnableScrollBar
SetScrollPos
GetScrollPos
MapWindowPoints
UnionRect
SystemParametersInfoA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
FillRect
DrawStateA
CopyImage
GetIconInfo
GetSystemMetrics
IsMenu
GetClassLongPtrA
GetMenuItemInfoA
ClientToScreen
PostQuitMessage
GetFocus
GetPropA
RemovePropA
GetForegroundWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetCapture
GetMessageTime
DrawFrameControl
IsRectEmpty
RegisterWindowMessageA
EndDeferWindowPos
CharUpperA
wsprintfA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoA
SHAppBarMessage
DragQueryFileA
DragFinish
ShellExecuteA
msimg32
AlphaBlend
TransparentBlt
comctl32
ImageList_GetIconSize
shlwapi
PathRemoveFileSpecW
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
gdiplus
GdipFree
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipAlloc
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
ws2_32
ioctlsocket
gethostname
ntohl
freeaddrinfo
getsockopt
setsockopt
WSAIoctl
__WSAFDIsSet
ntohs
WSAStartup
WSACleanup
closesocket
accept
socket
select
htonl
htons
bind
getsockname
getpeername
WSASetLastError
connect
sendto
recvfrom
send
recv
WSAGetLastError
listen
getaddrinfo
winmm
PlaySoundA
wininet
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
gdi32
CreateDIBSection
SetPixel
GetPixel
StretchBlt
CombineRgn
CreateRectRgn
GetStockObject
CreateBitmap
SelectPalette
RealizePalette
GetDIBits
SetBkColor
BitBlt
SetDIBColorTable
DeleteDC
GetObjectA
DeleteObject
GetTextMetricsA
GetTextExtentPoint32A
PatBlt
SelectObject
CreateRoundRectRgn
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCA
GetDeviceCaps
SetPixelV
GetTextFaceA
EnumFontFamiliesExA
GetSystemPaletteEntries
GetNearestPaletteIndex
GetViewportOrgEx
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetWindowOrgEx
SetPaletteEntries
GetPaletteEntries
CreatePalette
ExtFloodFill
GetRgnBox
OffsetRgn
SetRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
LPtoDP
DPtoLP
GetObjectType
SetTextColor
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
ExtSelectClipRgn
CreateEllipticRgn
CreatePolygonRgn
GetBkColor
GetTextColor
Polyline
Ellipse
Polygon
ExtTextOutA
CreatePatternBrush
Rectangle
CreateFontIndirectA
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CopyMetaFileA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comdlg32
GetFileTitleA
advapi32
CryptGetHashParam
CryptCreateHash
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumKeyExA
RegEnumValueA
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptGenRandom
ole32
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
OleGetClipboard
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
CoInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
oleaut32
SysAllocString
VarBstrFromDate
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
wldap32
ord143
ord211
ord22
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
crypt32
CertFreeCertificateContext
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 596KB - Virtual size: 595KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ