malware[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

malware.exe
Size

2.5MB
MD5

e262fef156af8b093f194376c11105f0
SHA1

285d1974ac0abcbf08fe6269fd16e7705355207c
SHA256

b352cb2b357fae3770bc199ac32e94f9ef6f995bfeea6a70f1f8851d3c2d3096
SHA512

4b6f5dbdc2f870d31993ab98f4cb47e41ddfaaae54680d452951947aa967c3bb7feaa80c8fcc0baf2fd71f995f2d633b1c5586eaa21a270a3f7055b66b5c30e5
SSDEEP

24576:YbOwcwt6082eWHSzJuf1WvCHvb7G1H+qbZwk5NrZi3I8WeKPl0sbfB:YbODwt6MeWHSdAWaT7wH/bh1qULB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
malware.exe

Files

malware.exe
.exe windows:6 windows x64 arch:x64

b93f27829bca1e5af53588f050c148c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

GetDeviceCaps

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateFreeThreadedMarshaler
CoInitialize
CoTaskMemAlloc
CoWaitForMultipleHandles
CoInitializeSecurity

oleaut32

SysAllocString
SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString
VariantClear

ntdll

RtlGetVersion
RtlUnwindEx
VerSetConditionMask
RtlUnwind

dwmapi

DwmSetWindowAttribute

ws2_32

WSAGetLastError
WSAAddressToStringW
WSASetLastError
shutdown
ntohs
WSARecv
setsockopt
WSAStringToAddressW
WSASocketW
ntohl
WSAStartup
listen
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
closesocket
bind
WSACleanup
WSASend

mswsock

AcceptEx
GetAcceptExSockaddrs

kernel32

IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
EnumSystemLocalesW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
WriteConsoleW
GetFileType
GetStdHandle
InterlockedPushEntrySList
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetUserDefaultLCID
GetDriveTypeW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetCurrentProcess
GetCurrentThreadId
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoW
CreateActCtxA
ActivateActCtx
DeactivateActCtx
MultiByteToWideChar
WideCharToMultiByte
GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
LocalFree
FormatMessageA
CloseHandle
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
CancelIoEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
TerminateThread
TlsGetValue
TlsSetValue
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
TerminateProcess
OpenProcess
CreateFileW
GetFileSizeEx
DecodePointer
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
GetFileInformationByHandleEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesW
GetModuleHandleW
EnumResourceNamesW
SetFileAttributesA
ExitProcess
GetModuleFileNameA
LoadLibraryExW
GetEnvironmentVariableA
GetFileAttributesA
GetSystemTimeAsFileTime
GetNativeSystemInfo
QueryPerformanceFrequency
GetLogicalProcessorInformation
GlobalMemoryStatusEx
ReadDirectoryChangesW
ReadFile
WriteFile
SetHandleInformation
CreatePipe
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeA
InitializeCriticalSection
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
LoadLibraryW
GetEnvironmentVariableW
RtlPcToFileHeader
QueryPerformanceCounter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetExitCodeThread
SetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
DeviceIoControl
CopyFileW
MoveFileExW
CreateHardLinkW
CreateSymbolicLinkW
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
GetLocaleInfoEx
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FormatMessageW

user32

LoadIconW
DestroyIcon
GetMessageW
PostThreadMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
IsWindowVisible
IsZoomed
GetSystemMetrics
TrackPopupMenu
GetMenuItemInfoW
SetForegroundWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DestroyMenu
GetWindowRect
GetWindowLongW
GetForegroundWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetDesktopWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
GetRawInputDeviceList
GetDC
EnumDisplaySettingsW
EnumDisplayDevicesW
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
CreatePopupMenu
SendMessageW
GetCursorPos
GetWindowThreadProcessId
EnumWindows
FindWindowW
UpdateWindow
InsertMenuItemW
SetWindowLongW
InsertMenuW
MessageBoxW
GetActiveWindow
PeekMessageW
DispatchMessageW
GetClientRect
TranslateMessage

advapi32

RegOpenKeyExA
RegQueryValueExA
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetKnownFolderPath
Shell_NotifyIconW

shlwapi

ord12
PathFindFileNameA
PathRemoveFileSpecW

gdiplus

GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipCreateHICONFromBitmap
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateBitmapFromStream

Sections

.text
Size: 1.9MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b93f27829bca1e5af53588f050c148c7

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

version

ole32

oleaut32

ntdll

dwmapi

ws2_32

mswsock

kernel32

user32

advapi32

shell32

shlwapi

gdiplus

Sections

.text Size: 1.9MB - Virtual size: 1.8MB

.rdata Size: 464KB - Virtual size: 463KB

.data Size: 50KB - Virtual size: 65KB

.pdata Size: 162KB - Virtual size: 162KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.9MB - Virtual size: 1.8MB

.rdata
Size: 464KB - Virtual size: 463KB

.data
Size: 50KB - Virtual size: 65KB

.pdata
Size: 162KB - Virtual size: 162KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 8KB - Virtual size: 8KB