Server[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

766KB
MD5

f84318afa382ae2f74f08be8ba328b7a
SHA1

8673e0f055ac85c6e256a7d6c3de33d6ccb9a554
SHA256

26c8103ac0b724de4d9d018f6b94fa9868cbe82dc4006460533d1cd92c72274b
SHA512

d6e6bd5561b6762b33370370e5f368605cdcf7ace6b49114adc6ad1df7d891a2fdc51b554893a379a18fe376872f1a0d99600d043f7c2822f5bc422e636f656e
SSDEEP

12288:7LlEGwAWQPHNEqEFXfkbJt0KF62v6zc3g3bDLsa0vNb/1oLff9pGHNu4B2UoHd:HlEGwHQPKqEFPkbJt0KrsWNb1oLfCI4r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:6 windows x86 arch:x86

ee45de7ee456a50cde1fbb3bd99e1ab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetOEMCP
GetCPInfo
SetErrorMode
GetFileAttributesExA
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetVolumeInformationA
WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
GetFileAttributesExW
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
HeapQueryInformation
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
OutputDebugStringW
GetFullPathNameA
FlushFileBuffers
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FormatMessageA
LocalFree
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
MulDiv
GetCurrentProcessId
GlobalAddAtomA
FindResourceA
GlobalFree
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
LoadLibraryW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FindClose
FindFirstFileA
FileTimeToSystemTime
DeleteFileA
Sleep
ExitProcess
LoadLibraryA
GetProcAddress
CloseHandle
WriteFile
CreateFileA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree

user32

DestroyMenu
CharUpperA
GetSysColorBrush
InvalidateRect
SetTimer
RealChildWindowFromPoint
LoadCursorA
IsDialogMessageA
SetWindowTextA
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
LoadIconA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
UnregisterClassA
LoadIconW
IsIconic
SendMessageA
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextA
RemovePropA
GetPropA
SetPropA
GetScrollPos
RedrawWindow
KillTimer
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
GetDesktopWindow
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
PostMessageA
SetWindowsHookExA
PostQuitMessage
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
GetKeyState
ValidateRect
DrawTextA
UnhookWindowsHookEx
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxA
SetCursor
CallNextHookEx
GetCursorPos

gdi32

SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetViewportExtEx
ExtTextOutA
TextOutA
GetObjectA
GetStockObject
SetTextColor
SetMapMode
SetBkColor
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
DeleteDC
CreateBitmap
DeleteObject
Escape
GetClipBox
GetDeviceCaps

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHChangeNotify

shlwapi

PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA

ole32

CoTaskMemFree
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocStringLen
VariantChangeType
VariantInit
SysFreeString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 401KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee45de7ee456a50cde1fbb3bd99e1ab9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oleacc

Sections

.text Size: 202KB - Virtual size: 202KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 401KB - Virtual size: 411KB

.rsrc Size: 80KB - Virtual size: 79KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 202KB - Virtual size: 202KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 401KB - Virtual size: 411KB

.rsrc
Size: 80KB - Virtual size: 79KB

.reloc
Size: 15KB - Virtual size: 14KB