xml1[.]exe | Triage

Resubmissions

13-07-2024 07:04

240713-hwfcesshqg 10

13-07-2024 06:54

240713-hn9w3azhnj 10

24-08-2023 07:19

230824-h5hh5sah24 10

Sharing

Copy URL

Twitter E-mail

General

Target

xml1.exe
Size

396KB
MD5

8503ea92f4c9941ee3295978729d98ba
SHA1

d04dfbc5b1335c8408ffb5c58bd966791f748ad3
SHA256

1e0215f67fb7b02bc44f33bf6a5b884c3061cbeb38e0150b559635458951fa53
SHA512

a5dade77d81f3fc49b46d828ea653d55b921e8b65b455dd0a1fa7eba7880b3a86deff0aafd21276a86eb95be948ab61da9771343ccbc24164b31c3a5b18edaa5
SSDEEP

6144:omPt4BMS4GhUjjF0CBTTFCIRroPHQJ/s5xi8uwytwnhJCAfYrewWvoKMyDftxQib:ZPt4BMsOvpAHQJ0G8CAfWWvo1im

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

xml1.exe

resource
xml1.exe

Files

xml1.exe
.exe windows:4 windows x86 arch:x86

cd46b7aed718803156f54c0576fe8371

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
HeapFree
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc
TerminateProcess
HeapSize
HeapReAlloc
GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
ReadFile
InterlockedExchange
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetLastError
LocalFree
GlobalFree
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GlobalLock
GlobalUnlock
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
WriteFile
CloseHandle
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
lstrcatA
GetVersion
LoadLibraryExW
LoadLibraryExA
GetProcAddress
SizeofResource
GetCurrentProcess
lstrcpynA
lstrlenA
FreeEnvironmentStringsA
Sleep

user32

UpdateWindow
PostMessageA
IsDialogMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
CreateDialogIndirectParamA
EndDialog
GetClassNameA
GetSysColorBrush
DestroyMenu
SendDlgItemMessageA
MapWindowPoints
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
IsWindowVisible
GetTopWindow
MessageBoxA
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
LoadCursorA
CopyIcon
GetDC
ReleaseDC
IsWindow
GetMessagePos
PtInRect
SetTimer
MessageBeep
SetWindowLongA
KillTimer
GetSystemMenu
LoadIconA
EnableWindow
FillRect
GetWindowRect
GetClientRect
SetCursor
GetWindowLongA
DrawStateA
CopyRect
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawFocusRect
PeekMessageA
SendMessageA
GetCursorPos
ScreenToClient
GetActiveWindow
GetParent
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
InvalidateRect
GetIconInfo
RedrawWindow
LoadImageA
DestroyCursor
CallNextHookEx
UnregisterClassA

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
MoveToEx
LineTo
SetBkColor
SaveDC
GetDeviceCaps
CreatePen
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
SetTextColor
DeleteDC
GetObjectA
GetStockObject
BitBlt
GetClipBox
SetStretchBltMode
SetDIBitsToDevice
GetTextExtentPoint32A
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateBitmap

comdlg32

GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

comctl32

ord17

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

cd46b7aed718803156f54c0576fe8371

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 232KB - Virtual size: 228KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 232KB - Virtual size: 228KB