halo[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

halo.exe
Size

2.7MB
MD5

b7aa8f68829a33a9f0b87ec81425f5db
SHA1

ef621e7eaf361859784bef1de85181f38f02e0de
SHA256

c9acf0c469543283cfed6d7dc04ade976dbdfc7cb4532cf070386de169c19545
SHA512

99dd963dd0b9bea72e468f6476ddb7a73315fc5684e0e9931f060bd69a66ad22fa0c5a4a67d91a9cc9678fda771bfa21d30b24c1eff30c8c29c523e0f5412727
SSDEEP

49152:trRR2XUklJM+nFfi3kKaT9EcMEMUHqTJ8YgmqbDi/jrj:tGUOJZFEkKaJbHqSzmqvi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
halo.exe

Files

halo.exe
.exe windows:4 windows x86 arch:x86

Password: h

bdab6858da105afb5c569c8409f6f120

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\halopc\halopc\objects\halo\halo.pdb

Imports

kernel32

GetProcAddress
VirtualAlloc
LoadLibraryA
GlobalMemoryStatus
SetErrorMode
QueryPerformanceCounter
GlobalAlloc
GetFileAttributesA
CreateDirectoryA
GlobalFree
QueryPerformanceFrequency
GetCurrentProcessId
GlobalReAlloc
GetCurrentThread
GetTickCount
FillConsoleOutputCharacterA
GetNumberOfConsoleInputEvents
WriteConsoleOutputCharacterA
ReadConsoleInputA
SetConsoleCursorPosition
GetStdHandle
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleCursorInfo
FillConsoleOutputAttribute
GetConsoleCursorInfo
GetTimeFormatA
GetDateFormatA
VirtualQuery
GetLocalTime
GetModuleFileNameA
FormatMessageA
LocalFree
SetThreadLocale
GetThreadLocale
FindFirstFileA
CopyFileA
FindClose
FindNextFileA
DeleteFileA
GetDiskFreeSpaceExA
GlobalLock
GetACP
GlobalUnlock
LocalAlloc
GetCurrentDirectoryA
GetVersionExA
GetTempPathA
SetPriorityClass
GetPriorityClass
CreateProcessA
TerminateProcess
MultiByteToWideChar
GetModuleHandleA
GetCurrentThreadId
DuplicateHandle
RemoveDirectoryA
GetFileAttributesExA
SetFileAttributesA
WideCharToMultiByte
GetThreadPriority
LoadResource
LockResource
CreateFileW
VirtualFree
FindResourceA
FindResourceW
GetSystemInfo
IsProcessorFeaturePresent
lstrcmpiA
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapFree
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
SetEnvironmentVariableA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetTimeZoneInformation
HeapSize
LCMapStringW
LCMapStringA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetFileType
SetHandleCount
FlushFileBuffers
HeapReAlloc
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
RaiseException
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadFileEx
SetLastError
GetLastError
CreateEventA
WaitForSingleObjectEx
SleepEx
SetEvent
VirtualProtect
Sleep
CreateFileMappingA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
CreateFileA
ExitThread
GetCurrentProcess
FreeLibrary
ExitProcess
WriteFile
GetSystemTime
GetFileTime
ReadFile
SetFileTime
CompareFileTime
SizeofResource
SystemTimeToFileTime
TerminateThread
CreateThread
ResumeThread
CloseHandle
ReleaseMutex
CreateMutexA
GetExitCodeThread
SetThreadPriority
FindResourceExA
WaitForSingleObject

user32

GetPropA
LoadStringA
GetParent
RemovePropA
SendMessageA
PtInRect
GetCapture
SetPropA
InvalidateRect
GetWindowLongA
GetDlgItem
SetCapture
IsDlgButtonChecked
ReleaseCapture
SetWindowTextA
EnableWindow
DispatchMessageA
PeekMessageA
TranslateMessage
MessageBoxA
LoadCursorA
SetCursor
ClientToScreen
EndDialog
CallWindowProcA
DialogBoxIndirectParamA
DialogBoxParamA
SetDlgItemTextA
CreateDialogIndirectParamA
SetWindowPos
GetWindowPlacement
FindWindowA
CloseClipboard
PostQuitMessage
IsClipboardFormatAvailable
wsprintfA
GetClientRect
GetDoubleClickTime
GetForegroundWindow
GetClipboardData
DefWindowProcA
OpenClipboard
ValidateRect
DestroyWindow
SetActiveWindow
RegisterClassExA
SetForegroundWindow
LoadBitmapA
LoadIconA
SetFocus
GetDC
ShowCursor
SetWindowLongA
UnregisterClassA
ReleaseDC
ShowWindow
AdjustWindowRect
MoveWindow
MsgWaitForMultipleObjects
GetCursorPos
GetWindowRect
GetDesktopWindow
GetKeyState
GetAsyncKeyState
GetActiveWindow
GetSystemMetrics
CreateWindowExA

gdi32

CreateFontIndirectA
StretchBlt
GetObjectA
GetDeviceGammaRamp
SetDeviceGammaRamp
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
SetTextColor

advapi32

SetSecurityDescriptorGroup
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AccessCheck
DuplicateToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AllocateAndInitializeSid
SetSecurityDescriptorOwner
AddAccessAllowedAce
FreeSid
IsValidSecurityDescriptor
GetLengthSid
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
RegOpenKeyA
OpenThreadToken

ole32

CoCreateInstance
CoInitialize
StringFromGUID2
CLSIDFromString
CoUninitialize

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: h

bdab6858da105afb5c569c8409f6f120

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 240KB - Virtual size: 237KB

.data Size: 172KB - Virtual size: 2.0MB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 240KB - Virtual size: 237KB

.data
Size: 172KB - Virtual size: 2.0MB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 60KB - Virtual size: 59KB