aa[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa.exe
Size

8.5MB
MD5

af793f15c8653ed239146765f17ac1dc
SHA1

2df1beb462faae63a3ccaf08c6c232195be2db8a
SHA256

12a9491c1abf621673201326990850b6fc8c350bbc46076044118fb973cdb0bc
SHA512

0965f293e9718edd93842b6f120fdb5ac5e88b015d5ef3096f9136496ccd1b3aa8bbc0386e5c59198647dc2a5a9168a9ce5f86f8c9404e4b2cc74b5d7f7d30c8
SSDEEP

98304:Vq88Q02tc52bLhH5rwnzD1lPEV5BBFHJq4UMSZRDodFexf:katc50LrwnzD1F0BDskTe9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa.exe

Files

aa.exe
.exe windows:6 windows x64 arch:x64

325338aeb8b4cf6ae4a5da34b301af24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\slave_win223\workspace\WinApp_APK_PC_Client_Release_test\home_storage\output\bin\x64\Release\MemoSpace.pdb

Imports

shlwapi

ord176
PathCanonicalizeW
PathRemoveFileSpecW
SHStrDupW
ord219
PathAppendW
PathFileExistsW

crypt32

CryptUnprotectData
CryptProtectData

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
CreateEventW
SetEvent
TerminateThread
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
SetLastError
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetSystemInfo
lstrcmpiW
GetStartupInfoW
GetSystemDirectoryW
LocalFree
GetFileTime
GetVersionExW
GetShortPathNameW
GetLongPathNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
GetDriveTypeW
MoveFileW
GetSystemTime
GetDiskFreeSpaceExA
SystemTimeToFileTime
SetFileTime
DeviceIoControl
GetFileAttributesW
Thread32First
Thread32Next
VirtualQuery
LoadLibraryExW
GetCurrentProcessId
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
CreateMutexW
GetProcessId
GetModuleFileNameW
GetSystemDefaultLCID
GetCurrentThreadId
SetFilePointer
WriteFile
ReadFile
DeleteFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
WaitForSingleObject
CloseHandle
CreateFileW
FindClose
FindNextFileW
GetFileSizeEx
FindFirstFileW
OutputDebugStringW
SetFileAttributesW
CreateDirectoryW
CopyFileW
GetDiskFreeSpaceExW
GetModuleFileNameA
GetLocalTime
WritePrivateProfileStringW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
RemoveDirectoryW
Sleep
GetTickCount
GetModuleHandleW
DeleteCriticalSection
GetLastError
GetPrivateProfileStringW
InitializeCriticalSectionEx
GetTickCount64
VirtualProtect

user32

UnhookWindowsHookEx
SetWindowsHookExW
SetTimer
KillTimer
DefWindowProcW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassW
LoadCursorW
PostQuitMessage
BeginPaint
EndPaint
GetWindowThreadProcessId
GetPropW
AttachThreadInput
EnumWindows
IsZoomed
SetForegroundWindow
FindWindowW
GetSysColor
IntersectRect
SetWindowPos
SendMessageW
IsWindowVisible
ShowWindow
IsWindow
GetMessageW
SetParent
GetClientRect
InvalidateRect
DestroyWindow
PostThreadMessageW
RegisterClipboardFormatW
GetKeyState
ClientToScreen
PostMessageW
PostMessageA
SystemParametersInfoW
GetForegroundWindow
CloseWindow
GetWindowRect
MapWindowPoints
MoveWindow
SetPropW
LoadIconW
RegisterWindowMessageW
PtInRect
GetCursorPos
GetClassNameW
PeekMessageW
SetWindowTextW
IsIconic
EnableWindow
SetCursor
EqualRect
GetSystemMetrics
MonitorFromWindow
GetMonitorInfoW
GetParent
SetWindowLongW
SetFocus
GetDesktopWindow

gdi32

SetBkMode
SelectObject
DeleteObject
GetObjectW
DeleteDC
GdiFlush
CreateCompatibleDC
CreateDIBSection
CreateCompatibleBitmap
BitBlt
GetDIBits
CreateDCW
GetTextExtentPoint32W

advapi32

GetFileSecurityW
RegOpenKeyExW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegSetValueExW
RegGetValueW
RegDeleteValueW
AccessCheck
RegCloseKey
MapGenericMask
DuplicateToken
OpenProcessToken
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHCreateItemFromParsingName
ord88
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
DragQueryFileW
ord165
SHFileOperationW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetDesktopFolder
SHParseDisplayName
SHCreateItemWithParent
ord155
SHCreateShellItem
SHGetIDListFromObject
Shell_NotifyIconW
SHChangeNotify

ole32

OleUninitialize
CoInitializeEx
CoInitialize
ReleaseStgMedium
OleInitialize
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoUninitialize
CoCreateInstance
OleDuplicateData

oleaut32

SysStringLen
SysAllocString
SysAllocStringByteLen
VariantClear
SysFreeString

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

325338aeb8b4cf6ae4a5da34b301af24

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 448KB - Virtual size: 448KB

.rsrc Size: 652KB - Virtual size: 651KB

.reloc Size: 80KB - Virtual size: 79KB

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 448KB - Virtual size: 448KB

.rsrc
Size: 652KB - Virtual size: 651KB

.reloc
Size: 80KB - Virtual size: 79KB