pa_tool[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pa_tool.exe
Size

11.7MB
MD5

7fe100053474b54071c22626607d3d89
SHA1

f205b249012570195908ccb9ca387d6c3c09726b
SHA256

e7aef545fd1b7ee09fe6df856eba8630e7850fdc6136d75ae9aeeb15fe065097
SHA512

23b57e6ca1408940cb83a6a0115f57e435c975106f02841d4e5903bf99a314fde184ec0fafc9ce8986f48e7bd105b206a97c4cf1bf558ff619784a11d51eb24c
SSDEEP

98304:IAkPpFH+oekF158d1pJg6R3nVTVugoH8QjUYfv2ssRXCl0mfJcttznvSWjSw/d41:7DkFknRDTVZoPQUwFCPfJcbzKWuwes

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pa_tool.exe

Files

pa_tool.exe
.exe windows:6 windows x64 arch:x64

006b4d6f9b7afc81d67f6602d53bfd5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlCaptureContext
NtCancelIoFileEx

kernel32

ReleaseSRWLockExclusive
GlobalUnlock
GlobalLock
Sleep
AcquireSRWLockExclusive
SetWaitableTimer
AcquireSRWLockShared
CreateWaitableTimerExW
ReleaseSRWLockShared
WaitForSingleObject
GlobalFree
GlobalSize
HeapReAlloc
MultiByteToWideChar
GetCurrentThreadId
GlobalAlloc
GetProcAddress
PostQueuedCompletionStatus
ReleaseMutex
LoadLibraryA
WaitForSingleObjectEx
CreateMutexA
HeapFree
GetProcessHeap
SetThreadErrorMode
LoadLibraryExW
SwitchToThread
LoadLibraryW
QueryPerformanceCounter
ExitProcess
WriteFileEx
SleepEx
ReadFileEx
CreateThread
CreateNamedPipeW
FreeLibrary
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetCurrentProcessId
GetModuleHandleA
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
DuplicateHandle
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
HeapAlloc
GetLastError
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetSystemDirectoryW
GetModuleFileNameW
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindClose
FindFirstFileW
GetFullPathNameW
GetFileInformationByHandleEx
GetSystemInfo
CloseHandle
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetFileInformationByHandle
SetFileInformationByHandle
SetHandleInformation
CreateFileW
GetCurrentThread
IsProcessorFeaturePresent
GetConsoleMode
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
GetCurrentProcess
GetEnvironmentVariableW

user32

AdjustWindowRectEx
GetWindowLongW
GetKeyboardState
ShowWindow
GetSystemMenu
EnableMenuItem
SetWindowLongW
ChangeDisplaySettingsExW
GetKeyboardLayout
SetWindowPlacement
SetCapture
MsgWaitForMultipleObjectsEx
TranslateMessage
GetMonitorInfoW
EnumDisplayMonitors
MapVirtualKeyW
SendInput
SetForegroundWindow
GetClipCursor
ClipCursor
ShowCursor
MapVirtualKeyA
DispatchMessageW
DefWindowProcW
GetMessageW
RegisterWindowMessageA
SystemParametersInfoA
PostThreadMessageW
IsIconic
PeekMessageW
SetCursor
ClientToScreen
GetWindowRect
LoadCursorW
CloseTouchInputHandle
CallWindowProcW
RegisterRawInputDevices
ScreenToClient
DestroyIcon
GetRawInputData
GetTouchInputInfo
MonitorFromRect
GetWindowPlacement
DestroyWindow
GetMenu
ValidateRect
TrackMouseEvent
GetUpdateRect
GetClassNameW
IsProcessDPIAware
MonitorFromWindow
RegisterTouchWindow
SetWindowDisplayAffinity
CreateWindowExW
RegisterClassExW
GetClassInfoExW
FlashWindowEx
InvalidateRgn
SetWindowPos
CreateIconFromResourceEx
GetForegroundWindow
ReleaseCapture
GetCursorPos
SetWindowTextW
SendMessageW
GetSystemMetrics
GetActiveWindow
GetClientRect
ReleaseDC
RemovePropW
ToUnicodeEx
GetPropW
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
PostMessageW
SetWindowLongPtrW
SetPropW
GetKeyState
GetDC
CloseClipboard
CreateIcon
RedrawWindow
GetWindowLongPtrW

uiautomationcore

UiaLookupId
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaRaiseAutomationPropertyChangedEvent
UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd

oleaut32

SafeArrayCreateVector
SysFreeString
GetErrorInfo
SysStringLen
SafeArrayPutElement
SetErrorInfo
SysAllocStringLen

opengl32

wglShareLists
wglCreateContext
wglGetProcAddress
wglGetCurrentDC
wglGetCurrentContext
wglDeleteContext
wglMakeCurrent

gdi32

DescribePixelFormat
CreateRectRgn
ChoosePixelFormat
SetPixelFormat
DeleteObject
SwapBuffers
GetDeviceCaps

shlwapi

AssocQueryStringW

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext

dwmapi

DwmEnableBlurBehindWindow

ole32

RegisterDragDrop
OleInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
RevokeDragDrop

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod

bcrypt

BCryptGenRandom

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036

ws2_32

getsockopt
WSAIoctl
getpeername
recv
WSASend
send
closesocket
WSAGetLastError
shutdown
getsockname
WSASocketW
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
ioctlsocket
setsockopt
connect
bind

secur32

DecryptMessage
QueryContextAttributesW
ApplyControlToken
EncryptMessage
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
InitializeSecurityContextW
AcceptSecurityContext
AcquireCredentialsHandleA

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateChain
CertDuplicateStore
CertCloseStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext

uxtheme

SetWindowTheme

shell32

DragFinish
DragQueryFileW

vcruntime140

memset
__C_specific_handler
__CxxFrameHandler3
memmove
memcmp
__current_exception_context
memcpy
__current_exception

api-ms-win-crt-math-l1-1-0

floorf
trunc
ceilf
fmax
pow
floor
cbrtf
round
fminf
acosf
__setusermatherr
atan2f
fmaxf
exp2f
cosf
_hypotf
roundf
expf
sinf
powf
ceil
fmin

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

__p___argv
__p___argc
_c_exit
_exit
exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_set_app_type
_crt_atexit
_seh_filter_exe
terminate
_cexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

006b4d6f9b7afc81d67f6602d53bfd5d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

uiautomationcore

oleaut32

opengl32

gdi32

shlwapi

imm32

dwmapi

ole32

winmm

bcrypt

advapi32

ws2_32

secur32

crypt32

uxtheme

shell32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 9.7MB - Virtual size: 9.7MB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 50KB - Virtual size: 49KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 9.7MB - Virtual size: 9.7MB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 50KB - Virtual size: 49KB

.reloc
Size: 13KB - Virtual size: 13KB