conmie[.]exe_ | Triage

General

Target

conmie.exe_
Size

72KB
MD5

e34083ce615c8309e240774cd31360df
SHA1

6364888de5306eedda0df8ed0abbfbdcafd5e9df
SHA256

2ec1d15f0e8c0ebcebc30951c9d48d1c29a50c64a3e7df41a300b3de2c73c6db
SHA512

0c1848587df81f15b0b869988370072fab4cef70d87496973dd7dd46d9dfdbb19a7d50428902f68f5d018316675d479b104d2dc40faa4b432028c894b0d9e22c
SSDEEP

768:Q4rq7S4u/XaZCK6KvPS/FKM3mwYeDGu0n49mV/zjT5tNvxnwHeLrsZkvimczUlhD:QqUZva9x3mHfhzjT5tF6He3nv7Pztn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
conmie.exe_

Files

conmie.exe_
.exe windows:4 windows x86 arch:x86

b16362035ed58fefcc32578923cddb6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
Sleep
ReadFile
SetFilePointer
ExitThread
GetFileSize
GetLastError
CreateFileW
CloseHandle
FlushFileBuffers
WriteFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetModuleHandleW
MultiByteToWideChar
GetSystemDefaultLangID
GetComputerNameW
CreateThread
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW

advapi32

RegOpenKeyExW

shell32

ShellExecuteW

ws2_32

closesocket
send
htons
socket
recv
WSAStartup
gethostname
WSACleanup
gethostbyname
inet_ntoa
select
connect

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b16362035ed58fefcc32578923cddb6f

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 41KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 41KB