Heather[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Heather.exe
Size

221KB
MD5

5c2914dc76c7fda438e4b045490ac467
SHA1

8be218e42d40e3f6bfb2762460b4494da18d5d58
SHA256

acc13995206ddc21370f4bb9cb2c8bdad2f9370114e62d0fa12bfb29766a233f
SHA512

e8bc9cc3f8addc4dc09290d2de1fb27a9f01e201660e185d219cad64a8f23237c10470020d4d61e4024d85190145853514de4eddaa11aea5e83976ac9ed33d91
SSDEEP

3072:+GQq2eYpkwenb/ezWvCoNpUckwLvU/b0xhJl3imtSBF21:+Q2eYp3A/ezQL6Y5l9tSBF21

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Heather.exe

Files

Heather.exe
.exe windows:6 windows x86 arch:x86

c42d9e957c9189b9bbfc583e2bc57bb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\El Gringo Loco\Source\Workspaces\CsGoRealism\Heather\Release\Heather.pdb

Imports

kernel32

WriteProcessMemory
SetConsoleTextAttribute
SetConsoleTitleA
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleA
SetConsoleWindowInfo
Sleep
Process32First
GetCurrentProcess
CloseHandle
Thread32Next
Thread32First
Module32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
ReadProcessMemory
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
Module32Next
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InitializeSListHead

user32

GetAsyncKeyState
FindWindowA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

msvcp140

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

vcruntime140

_except_handler4_common
__std_terminate
memset
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_initterm_e
_initterm
_set_app_type
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
terminate
_controlfp_s
_crt_atexit
_get_initial_narrow_environment
__p___argc
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c42d9e957c9189b9bbfc583e2bc57bb3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 32B

.rsrc Size: 203KB - Virtual size: 203KB

.reloc Size: 1024B - Virtual size: 996B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 32B

.rsrc
Size: 203KB - Virtual size: 203KB

.reloc
Size: 1024B - Virtual size: 996B