Element[.]aex | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Element.aex
Size

9.1MB
MD5

9321c9fe220307c22afa82294ccb6d50
SHA1

3e3903809f2fa28e1585ed62311f6aafd3a865fb
SHA256

1b5e2244aa8a9ca4bbc5f00db7852de1f831b8b73679bf60609ea5da1d347319
SHA512

4b9b0d5a68f632009a5980754e65a974776860c64226daa95dda06bb51afdc10d33e04bf5e4b86bc9e583ee85e7d303aae4fdbbcf8bcd426c5ab62bc416e9bdd
SSDEEP

98304:ypPoUZhCymJQmAnNzi3iKOtw6m9+uuoiYO7o3FIGy:ySUroJfOliYtwB9SU1IL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Element.aex

Files

Element.aex
.dll windows:6 windows x64 arch:x64

Password: infected

084f1d8e887a51200544cccdb0c12d7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\VideoCopilot\Repositories\element2\element\Win\x64\Release\Element.pdb

Imports

opengl32

glGetTexLevelParameteriv
glGetIntegerv
glGetError
glTexSubImage2D
glDrawArrays
glDrawElements
glPolygonOffset
glClearDepth
glColorMask
glClear
glClearColor
glReadBuffer
glViewport
glTexParameterf
glDepthMask
glPointSize
glPolygonMode
wglGetCurrentContext
glDisable
glFrontFace
glCullFace
glEnable
glDeleteTextures
glTexImage2D
glBindTexture
glGenTextures
wglMakeCurrent
wglGetCurrentDC
glPixelStorei
wglCreateContext
wglGetProcAddress
wglDeleteContext
glGetString
glGetFloatv
glBlendFunc
glReadPixels
glFinish
glTexParameteri

glu32

gluTessCallback
gluDeleteTess
gluTessEndPolygon
gluTessEndContour
gluTessVertex
gluTessBeginContour
gluNewTess
gluTessProperty
gluTessBeginPolygon

ws2_32

gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
ntohs
getsockopt
getsockname
getpeername
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
socket
htons
inet_addr
connect
bind
WSAStartup
listen
setsockopt
send
recv
accept
closesocket

dwrite

DWriteCreateFactory

d2d1

ord1

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
HeapSize
WriteConsoleW
CreateSemaphoreA
HeapReAlloc
GetWindowsDirectoryW
VirtualProtect
HeapFree
VirtualFree
VirtualAlloc
LoadLibraryA
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetEnvironmentVariableW
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
SetFilePointerEx
SetEndOfFile
GetFileSize
CreateFileMappingW
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CloseHandle
CreateDirectoryW
GetCurrentProcess
GetTempPathW
GetCurrentThreadId
GetLocalTime
GetCurrentProcessId
GetShortPathNameW
GetLongPathNameW
GlobalMemoryStatusEx
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateSemaphoreW
ReleaseSemaphore
GetSystemTimeAsFileTime
GetFileAttributesExW
Sleep
FindFirstFileW
FindClose
FindNextFileW
GetLastError
LocalFree
ExitProcess
GetCurrentThread
GetThreadTimes
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
FormatMessageA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FreeEnvironmentStringsW
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
IsDebuggerPresent
DebugBreak
FileTimeToLocalFileTime
FileTimeToSystemTime
InitializeCriticalSection
SetEvent
SwitchToThread
SetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleWindowInfo
FreeConsole
SetConsoleTitleA
AllocConsole
WriteConsoleA
ResetEvent
CreateEventA
CreateThread
FindFirstFileA
FindNextFileA
GetModuleFileNameA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
WriteFile
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
ResumeThread
ExitThread
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
GetDriveTypeW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetTickCount
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetNativeSystemInfo
GetExitCodeThread
DuplicateHandle
MulDiv
GetFileAttributesW
TryEnterCriticalSection
ExpandEnvironmentStringsA
SetLastError
RtlUnwind

user32

CreateCaret
MapVirtualKeyW
GetClipboardData
AppendMenuA
AppendMenuW
SetWindowPos
SetWindowTextW
GetClassInfoW
GetDesktopWindow
CreateWindowExW
GetDC
ReleaseDC
MessageBoxA
DestroyWindow
MessageBoxW
GetFocus
MonitorFromWindow
GetKeyboardLayout
PostMessageW
SendMessageW
SendNotifyMessageW
GetCapture
GetWindowLongPtrW
DefWindowProcW
LoadCursorW
RegisterClassExW
SetWindowLongPtrW
GetClientRect
MoveWindow
BeginPaint
EndPaint
GetWindowDC
CreatePopupMenu
DestroyMenu
ClientToScreen
TrackPopupMenuEx
DestroyCaret
SetMenuItemInfoW
RedrawWindow
UpdateWindow
IsWindowVisible
ShowWindow
EnableWindow
IsWindowEnabled
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
SetFocus
GetWindowRect
ScrollWindow
ValidateRect
CallWindowProcW
SetCursor
GetWindowTextLengthW
GetWindowTextW
SetTimer
KillTimer
OpenClipboard
EmptyClipboard
SetClipboardData
SetLayeredWindowAttributes
GetForegroundWindow
CloseClipboard
GetKeyState
GetWindow
SetActiveWindow
GetUpdateRect
InvalidateRect
TrackMouseEvent
AdjustWindowRectEx
WaitMessage
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
IsZoomed
InsertMenuItemW
MessageBeep
GetMonitorInfoW
SetWindowLongW
GetWindowLongW

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
SetTextColor
SetBkMode
CreateCompatibleBitmap
BitBlt
ChoosePixelFormat
SetPixelFormat
SwapBuffers
CreateFontIndirectW
CreateCompatibleDC
SelectObject
CreateSolidBrush

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

CryptDestroyHash
CryptHashData
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam
CryptImportKey
CryptEncrypt
CryptCreateHash

shell32

DragFinish
DragQueryFileW
SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW
DragAcceptFiles
SHCreateItemFromParsingName
SHBrowseForFolderW

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
ReleaseStgMedium
OleUninitialize
OleInitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoCreateGuid

oleaut32

SysStringLen
SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocString

shlwapi

PathIsRelativeW
SHRegGetValueW

imm32

ImmAssociateContext
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME
ImmIsIME
ImmGetCompositionStringW
ImmGetContext
ImmGetVirtualKey
ImmReleaseContext

opencl

clGetDeviceInfo
clGetProgramBuildInfo
clBuildProgram
clCreateProgramWithSource
clReleaseProgram
clReleaseKernel
clEnqueueReadBuffer
clCreateCommandQueue
clCreateContext
clGetDeviceIDs
clGetPlatformInfo
clGetExtensionFunctionAddressForPlatform
clGetPlatformIDs
clFlush
clEnqueueUnmapMemObject
clEnqueueMapBuffer
clReleaseContext
clReleaseCommandQueue
clReleaseMemObject
clCreateKernel
clCreateBuffer
clSetKernelArg
clEnqueueWriteBuffer
clFinish
clCreateFromGLTexture2D
clCreateFromGLRenderbuffer
clEnqueueAcquireGLObjects
clEnqueueNDRangeKernel
clEnqueueReleaseGLObjects

gdiplus

GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetSmoothingMode
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreatePen1
GdipDeleteFont
GdipDeletePen
GdipCreateFromHWND
GdipSetWorldTransform
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipBitmapLockBits
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipDeleteGraphics
GdipFillRectangleI
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipMeasureString
GdipDrawEllipseI
GdipDrawImageRectRectI
GdipDrawString
GdipCreateBitmapFromHBITMAP
GdipGetLogFontW
GdipSetClipRectI
GdipDrawRectangleI
GdipCreateLineBrushFromRectI
GdipSetLineWrapMode
GdipBitmapUnlockBits
GdipDrawLineI
GdipCreateFontFamilyFromName
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

dbghelp

MiniDumpWriteDump

winmm

timeGetTime

wldap32

ord32
ord33
ord35
ord79
ord30
ord26
ord301
ord50
ord60
ord211
ord46
ord143
ord22
ord27
ord200
ord41

Exports

Exports

PluginMain

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 328KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

084f1d8e887a51200544cccdb0c12d7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

glu32

ws2_32

dwrite

d2d1

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

imm32

opencl

gdiplus

bcrypt

dbghelp

winmm

wldap32

Exports

Exports

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 328KB - Virtual size: 629KB

.pdata Size: 224KB - Virtual size: 224KB

_RDATA Size: 8KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 328KB - Virtual size: 629KB

.pdata
Size: 224KB - Virtual size: 224KB

_RDATA
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 28KB - Virtual size: 27KB