stateye[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

stateye.exe
Size

1.5MB
MD5

b60b713600beb3005e1929737e650bb4
SHA1

ccbd9f0008d160d5cb6a85c34931e44802996ff3
SHA256

90b72c158c5d946be912c410f731133850c143b4bcc4d2562d55d655145e7894
SHA512

276bdf619a8388fe00aa67ec7b9e5643b4e5dec40e58f411a41239001c08d55af74aba38682ca0c1cd066ec7c9b0a492481ddde8b9d5d6be724a2db2185f69e0
SSDEEP

24576:AAUQVSiuF6WPmYoWjtH3QIebMQn652KOM:zUQG6WjoctXzeno

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
stateye.exe

Files

stateye.exe
.exe windows:6 windows x64 arch:x64

06d6425578b5de3b410aa7db69224d62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetThreadStackGuarantee
ReleaseSRWLockShared
AcquireSRWLockShared
GetModuleHandleA
AcquireSRWLockExclusive
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetFullPathNameW
CreateFileW
SwitchToThread
SetFileCompletionNotificationModes
CreateIoCompletionPort
InitializeSListHead
CreateThread
AddVectoredExceptionHandler
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureContext
SetHandleInformation
SleepConditionVariableSRW
WakeConditionVariable
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
PostQueuedCompletionStatus
RtlVirtualUnwind
ReleaseSRWLockExclusive
Sleep
IsDebuggerPresent
GetQueuedCompletionStatusEx
ReleaseMutex
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
GetFileInformationByHandleEx
GetLastError
GetFileInformationByHandle
HeapReAlloc
CloseHandle
WakeAllConditionVariable
GetCurrentProcessId
HeapAlloc
GetProcessHeap
HeapFree
IsProcessorFeaturePresent

bcrypt

BCryptGenRandom

advapi32

CredReadW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036

ws2_32

WSASend
WSASocketW
bind
connect
send
getsockopt
shutdown
getaddrinfo
setsockopt
freeaddrinfo
WSAStartup
closesocket
WSACleanup
getpeername
recv
WSAIoctl
getsockname
WSAGetLastError
ioctlsocket

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCreateFile
NtCancelIoFileEx
NtWriteFile
NtReadFile

crypt32

CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertDuplicateCertificateContext
CertOpenStore
CertDuplicateStore
CertFreeCertificateContext
CertCloseStore

secur32

InitializeSecurityContextW
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcquireCredentialsHandleA
ApplyControlToken
AcceptSecurityContext
QueryContextAttributesW
DecryptMessage

vcruntime140

memset
__current_exception_context
__current_exception
__C_specific_handler
memcpy
__CxxFrameHandler3
memmove
memcmp

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_set_app_type
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_seh_filter_exe
terminate
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06d6425578b5de3b410aa7db69224d62

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

bcrypt

advapi32

ws2_32

ntdll

crypt32

secur32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 417KB - Virtual size: 416KB

.data Size: 512B - Virtual size: 856B

.pdata Size: 18KB - Virtual size: 18KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 417KB - Virtual size: 416KB

.data
Size: 512B - Virtual size: 856B

.pdata
Size: 18KB - Virtual size: 18KB

.reloc
Size: 7KB - Virtual size: 6KB