build[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

build.exe
Size

7.7MB
MD5

7255b804a27bd2ef917f23274759a40f
SHA1

584b6623912fb711738e29a0283ef5695330a713
SHA256

1daa83c5dc623883ff473b4d1f2f8c660df6ca779f5196ea2b18068ef5865fe4
SHA512

0d934e7ce9189d8e112473b04a9dc10d24600b19cd7bca85d18b803540a0e8d6e665bf6e1b590f988e7785972b1ff1df77bf1bcfd3a0f80b80b1cf1ed2515506
SSDEEP

98304:l9KHKIv7ndpgz31k5zHt2Z7nTpZsTgSg2h+0d6sQQ1mOYUEmz/utF9x8kVcx:jhm7ndOz1d7nTpZ0gSg2h+IV/Rqnr8hx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
build.exe

Files

build.exe
.exe windows:4 windows x86 arch:x86

faa6959af9c9ea48a8c7866b8f87d65f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\NetworkProjectsPC\OblivionSE\Oblivion\Game\Oblivion.pdb

Imports

comctl32

ImageList_Destroy
ImageList_LoadImageA
InitCommonControlsEx

winmm

mmioAscend
mmioClose
mmioAdvance
mmioDescend
mmioOpenA
mmioRead
mmioGetInfo

kernel32

CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
SetStdHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
VirtualFree
GlobalMemoryStatus
GetCurrentThreadId
CreateFileA
CloseHandle
WriteFile
ReadFile
GetFileSize
SetFilePointer
GetCurrentProcessId
DeleteFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetDriveTypeA
GetLogicalDriveStringsA
DuplicateHandle
GetCurrentThread
ReleaseSemaphore
WaitForSingleObject
GetTickCount
ExitProcess
CreateDirectoryA
Sleep
CopyFileA
GetPrivateProfileIntA
GetExitCodeThread
SetThreadPriority
ResumeThread
SuspendThread
CreateThread
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentProcess
GetSystemTime
SetLastError
SetEnvironmentVariableA
RaiseException
LoadLibraryA
GetProcAddress
FindClose
FindNextFileA
CompareFileTime
FindFirstFileA
CreateSemaphoreA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
InterlockedCompareExchange
DebugBreak
OutputDebugStringA
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcatA
lstrcpyA
FileTimeToLocalFileTime
LocalFree
FormatMessageA
GetLocalTime
FlushFileBuffers
GetFileAttributesExA
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetModuleHandleA
GetFileAttributesA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
MoveFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
GetStdHandle
GetLastError
GetSystemInfo
SetHandleCount
GetFileType
GetACP
GetOEMCP
FreeLibrary
GetFullPathNameA
FreeEnvironmentStringsA
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

GetDoubleClickTime
SwapMouseButton
MessageBoxA
ShowCursor
DefWindowProcA
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
GetClassLongA
GetWindowLongA
UpdateWindow
LoadCursorA
GetWindow
SetWindowPos
ShowWindow
SendMessageA
DestroyWindow
GetClientRect
FindWindowA
SetForegroundWindow
LoadIconA
RegisterClassA
AdjustWindowRect
GetActiveWindow

gdi32

GetStockObject

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wsock32

WSAAsyncSelect
listen
bind
setsockopt
WSAStartup
accept
__WSAFDIsSet
select
htons
ioctlsocket
gethostbyname
connect
send
recv
WSAGetLastError
socket
closesocket

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 870KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 195KB - Virtual size: 679KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 441B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faa6959af9c9ea48a8c7866b8f87d65f

Headers

File Characteristics

PDB Paths

Imports

comctl32

winmm

kernel32

user32

gdi32

shell32

ole32

version

wsock32

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rdata Size: 870KB - Virtual size: 870KB

.data Size: 195KB - Virtual size: 679KB

.tls Size: 512B - Virtual size: 441B

.rsrc Size: 533KB - Virtual size: 533KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.rdata
Size: 870KB - Virtual size: 870KB

.data
Size: 195KB - Virtual size: 679KB

.tls
Size: 512B - Virtual size: 441B

.rsrc
Size: 533KB - Virtual size: 533KB