MUHA7[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

MUHA7.exe
Size

1.8MB
MD5

47679202938f1a72b2ec63c9821a2a5c
SHA1

4a278a5a33108f151e5d4065491ee85309e43df2
SHA256

9923ebb3b0ce5086d3d0e94fe667869f180d21fc8beab82a84f421ec8d4ab3ec
SHA512

0884fc0fa082b478dbc567c29d9da718ca4bbf29799eb547e64f2db3646849c2d050de765008493fa4e676b0912e202843bf0be8a0b82db50954d95acc3b30fe
SSDEEP

24576:/9UsnRcrqGbHct8hH0Kc/hlHD4KPa0c3o8rRSOG/F+ZP0nkbEJa+E2fQsJLv:mORcrq+GKcHHDRIow4vngwa/2Isd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MUHA7.exe

Files

MUHA7.exe
.exe windows:6 windows x64 arch:x64

4f3dcf07b982c96684a353883a819e34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\MUHA7\Desktop\j loader\examples\example_win32_directx11\Release\MUHA7.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

kernel32

GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualQueryEx
IsDebuggerPresent
GetTickCount
VirtualFreeEx
CreateRemoteThread
ReadProcessMemory
DeleteCriticalSection
VirtualAllocEx
Beep
GetSystemInfo
CloseHandle
Process32Next
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleHandleW
GetModuleFileNameA
CreateFileMappingW
VirtualProtect
CreateThread
HeapSize
GetLastError
Sleep
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
InitializeCriticalSectionEx
GetCurrentProcess
WriteProcessMemory
Process32First
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
HeapDestroy
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
CreateFileW
CreateFileMappingA
UnmapViewOfFile
CreateFileA
GetFileSizeEx
ReadFile
HeapAlloc
HeapReAlloc
HeapFree
IsProcessorFeaturePresent
GlobalAlloc
MultiByteToWideChar
GetProcessHeap
MapViewOfFile

user32

GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
CloseClipboard
EmptyClipboard
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
GetClipboardData
LoadCursorA
GetKeyState
UpdateWindow
PostQuitMessage
PeekMessageA
LoadIconA
TranslateMessage
DefWindowProcA
MoveWindow
MessageBoxA
ShowWindow
RegisterClassExW
UnregisterClassW
GetSystemMetrics
CreateWindowExW
GetWindowRect
SetClipboardData
DispatchMessageA
OpenClipboard

advapi32

AddAccessAllowedAce
GetLengthSid
SetSecurityInfo
CopySid
GetTokenInformation
InitializeAcl
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
OpenProcessToken
IsValidSid

shell32

ShellExecuteA

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setf@ios_base@std@@QEAAHHH@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

urlmon

URLDownloadToFileA

normaliz

IdnToAscii

wldap32

ord217
ord143
ord46
ord211
ord35
ord30
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord79
ord200
ord301

crypt32

CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CryptQueryObject
CertGetNameStringA
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateChainEngine

ws2_32

sendto
closesocket
accept
recv
htonl
send
listen
WSAGetLastError
bind
connect
getpeername
getsockname
ioctlsocket
__WSAFDIsSet
getsockopt
htons
ntohs
WSACleanup
setsockopt
socket
select
WSASetLastError
ntohl
WSAIoctl
gethostname
WSAStartup
recvfrom
freeaddrinfo
getaddrinfo

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strrchr
__intrinsic_setjmp
__C_specific_handler
__current_exception_context
__current_exception
strchr
_CxxThrowException
memcmp
memchr
memset
memmove
memcpy
longjmp

api-ms-win-crt-stdio-l1-1-0

_wfopen
__stdio_common_vsprintf
__p__commode
_lseeki64
fflush
fread
__stdio_common_vsscanf
fclose
feof
_read
fputs
fopen
_write
_close
_open
__stdio_common_vfprintf
ftell
_popen
_pclose
fgets
fseek
fputc
__acrt_iob_func
_get_stream_buffer_pointers
_fseeki64
_set_fmode
fsetpos
ungetc
fgetc
setvbuf
fgetpos
fwrite

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

strcmp
strcpy_s
strncmp
_strdup
strncpy
strpbrk
tolower
strcspn
strspn
isupper

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
calloc
malloc
free
_msize
_callnewh

api-ms-win-crt-runtime-l1-1-0

strerror
system
exit
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
_invalid_parameter_noinfo_noreturn
_wassert
_beginthreadex
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
_errno
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
strtol
atoi
strtod
strtoul

api-ms-win-crt-math-l1-1-0

sqrtf
acosf
_dclass
ceilf
cos
cosf
fmodf
pow
powf
roundf
sin
sinf
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_access
_fstat64
_unlink
_unlock_file
_stat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 321KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f3dcf07b982c96684a353883a819e34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_47

kernel32

user32

advapi32

shell32

msvcp140

imm32

dwmapi

ntdll

urlmon

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 321KB - Virtual size: 320KB

.data Size: 321KB - Virtual size: 324KB

.pdata Size: 51KB - Virtual size: 50KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 321KB - Virtual size: 320KB

.data
Size: 321KB - Virtual size: 324KB

.pdata
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB