Static task
static1

General
Target: CommXPC.exe
Size: 4.7MB
MD5: 4935635a5af52bd44e4712820682cae4
SHA1: 65e4c727d1471d6abad7b19984f72de601bb799b
SHA256: c8552224e7b095d881b0cee4b38c165a672b5099463fbe717f20490af915addd
SHA512: 6d55783f4d9ff3612721e6824452e5bd2ed6c3b6374f88588c774f41e1ed1862beb6869614a6bda489902335490d089824d8e9d22936ed8f600e8a7a566da534
SSDEEP: 98304:sqX1W6WjX4xlzBndglKL5019snjwEd6XzrmC1qVr:sQ1W62cfdgliksnFd6Xz6C1qV
Malware Config

Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: CommXPC.exe

Files
CommXPC.exe.exe windows:4 windows x86 arch:x86
5429dec7eed232b986ca8c93cee3dafe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
d3d9
Direct3DCreate9
kernel32
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
CreateFileW
GetVersionExA
UnmapViewOfFile
VirtualFree
VirtualAlloc
OutputDebugStringA
GetCurrentThreadId
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
GetVolumeInformationA
GetCurrentProcessId
GetTickCount
InterlockedDecrement
InterlockedIncrement
MulDiv
FreeLibrary
GetOverlappedResult
SetErrorMode
GetDiskFreeSpaceA
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
CreateProcessW
GetExitCodeProcess
IsBadCodePtr
VirtualProtect
GetOEMCP
GetACP
FlushFileBuffers
LCMapStringW
LCMapStringA
IsBadWritePtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCPInfo
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
UnhandledExceptionFilter
VirtualQuery
GetFileAttributesW
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetLastError
IsProcessorFeaturePresent
GetSystemInfo
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcmpiA
WideCharToMultiByte
GetFullPathNameA
LeaveCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
Sleep
InitializeCriticalSection
InterlockedExchange
EnterCriticalSection
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetFileAttributesA
DeleteFileA
GetLocalTime
CreateDirectoryW
GetCurrentDirectoryW
SetLastError
TlsAlloc
HeapSize
TerminateProcess
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetStartupInfoA
ResumeThread
ExitThread
RaiseException
RtlUnwind
GetSystemTime
ReleaseSemaphore
GetComputerNameA
GetSystemTimeAsFileTime
GetLocaleInfoA
CreateProcessA
GetFileAttributesA
SetFilePointer
WriteFile
ReadFile
ReleaseMutex
GlobalMemoryStatus
IsBadReadPtr
GetCurrentProcess
SetCurrentDirectoryW
GetCurrentDirectoryA
ExitProcess
CreateMutexA
CreateThread
SetThreadPriority
WaitForSingleObject
GetCurrentThread
GetPriorityClass
GetThreadPriority
CloseHandle
GetProcessAffinityMask
SetPriorityClass
SetProcessAffinityMask
CreateSemaphoreA
user32
SetForegroundWindow
MessageBoxW
GetKeyboardLayout
GetForegroundWindow
FindWindowA
ClientToScreen
IsWindow
GetActiveWindow
MapVirtualKeyA
VkKeyScanA
ToUnicode
TranslateMessage
PeekMessageA
DispatchMessageA
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
MoveWindow
GetSystemMetrics
AdjustWindowRect
MessageBoxA
GetDesktopWindow
SetFocus
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
GetDoubleClickTime
SendMessageA
GetDlgItem
SetWindowTextA
DrawTextExW
FillRect
DrawTextExA
InvertRect
IsIconic
GetMenu
AdjustWindowRectEx
SetWindowPos
SetWindowLongA
GetClientRect
GetWindowRect
GetWindowLongA
DestroyWindow
GetWindowTextA
gdi32
CreateCompatibleDC
CreateDIBSection
GdiFlush
SetBkColor
DeleteDC
SetMapMode
SetBkMode
SelectObject
SetTextColor
GetStockObject
GetObjectA
CreateFontIndirectA
CreateRectRgn
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
DeleteObject
CreateBrushIndirect
advapi32
RegCloseKey
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
ws2_32
htonl
ntohl
inet_ntoa
htons
ntohs
gethostname
WSACleanup
WSAStartup
WSAWaitForMultipleEvents
WSAResetEvent
inet_addr
WSACloseEvent
ioctlsocket
setsockopt
WSAGetLastError
WSASocketA
getsockname
bind
WSASendTo
WSARecvFrom
WSAGetOverlappedResult
WSACreateEvent
gethostbyname
closesocket
winmm
timeGetTime
dinput8
DirectInput8Create
dsound
ord6
ord11
ord9
ord2
binkw32
_BinkSetVolume@12
_BinkClose@4
_BinkPause@8
_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkDoFrame@4
_BinkWait@4
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkSetMemory@8
_BinkSetSoundTrack@8
_BinkOpen@8
vorbisfile
ov_clear
ov_time_total
ov_open_callbacks
ov_pcm_seek_lap
ov_info
ov_read
shell32
SHGetFolderPathW
ole32
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitialize
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_rwcseg Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 432KB - Virtual size: 428KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_rwdseg Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ