vector[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vector.exe
Size

105.4MB
MD5

8dc147cfcd5749f0e81b54d8b20c4db7
SHA1

53204c6750d60995bf86ab9f5225750267cbb69f
SHA256

5cea523101a68934405583039aea5b9a11d1849be12ac63fff1f0d9b0f5c47eb
SHA512

f0f063e799d26ed5530616145084484fbe02578b30a4a9306eb1e1b8f214aa84726a2dee38ac10a8ff87a42b7da6f91782e82bf7de12ea6276487c405d581960
SSDEEP

393216:Tkwui0YOdnqo1a3S15VwOui6fNNX4mDiQa4rf/D+Ieok7nVxVVxYkYNPXJs64T5T:DR0goU3SXVdQfDX3m66N1gP+EY4l

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vector.exe

Files

vector.exe
.exe windows:6 windows x64 arch:x64

2d0ea53b54c6a8853c761e672320e2d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vector.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

ntdll

NtSetInformationFile
NtDeviceIoControlFile
RtlPcToFileHeader
RtlUnwindEx
RtlNtStatusToDosError
NtCancelIoFileEx
NtQuerySystemInformation
NtReadFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtWriteFile
NtCreateFile
RtlUnwind

secur32

QueryCredentialsAttributesA
DeleteSecurityContext
FreeContextBuffer
EncryptMessage
AcceptSecurityContext
QueryContextAttributesA
InitializeSecurityContextA
FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
QueryContextAttributesW
InitializeSecurityContextW

kernel32

CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
GetSystemTimePreciseAsFileTime
GetTimeZoneInformationForYear
SetConsoleCursorPosition
SetConsoleCursorInfo
WaitForMultipleObjects
GetNumberOfConsoleInputEvents
ReadConsoleInputW
SetConsoleActiveScreenBuffer
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
CreateFileW
CreateSemaphoreW
Sleep
lstrlenW
PostQueuedCompletionStatus
FormatMessageW
WideCharToMultiByte
SetFilePointerEx
GetFileInformationByHandle
DeviceIoControl
CreateEventW
LockFileEx
WaitForSingleObject
UnlockFileEx
SetFilePointer
SetEndOfFile
FindClose
GetLogicalDriveStringsW
GetComputerNameExW
SetNamedPipeHandleState
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
DuplicateHandle
UnmapViewOfFile
VirtualProtect
ReadFile
GetOverlappedResult
WriteFile
CancelIoEx
GetModuleHandleA
GetProcAddress
GetModuleHandleW
GlobalLock
GlobalSize
GlobalUnlock
GetConsoleCursorInfo
WriteConsoleW
MultiByteToWideChar
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
SetEnvironmentVariableW
GetModuleFileNameW
SetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
ReadConsoleW
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
SetConsoleTextAttribute
ReadFileEx
SleepEx
WriteFileEx
GetExitCodeProcess
CancelIo
GetSystemInfo
TerminateProcess
HeapAlloc
GetProcessHeap
DeleteFileW
MoveFileExW
GetFileType
CreateFileA
FillConsoleOutputCharacterW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
RegisterWaitForSingleObject
UnregisterWaitEx
SetConsoleCtrlHandler
GetProcessId
GetTickCount64
GetSystemTimeAsFileTime
GetActiveProcessorCount
GetLogicalProcessorInformationEx
FindNextVolumeW
FindFirstVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetDriveTypeW
SetThreadErrorMode
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
FlushViewOfFile
GetCommandLineW
LocalAlloc
LocalFree
CreateConsoleScreenBuffer
ReleaseSemaphore
LoadLibraryExA
FreeLibrary
ResetEvent
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
GetSystemTime
GetEnvironmentVariableA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapSize
SetEvent
CreateEventA
ExitThread
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetThreadId
FormatMessageA
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemDirectoryA
GetACP
CreateSemaphoreA
ConvertFiberToThread
ConvertThreadToFiberEx
ReadConsoleA
GetModuleFileNameA
GetModuleHandleExW
SetConsoleMode
GetConsoleMode
GetStdHandle
HeapReAlloc
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLastError
HeapFree
PeekNamedPipe
FileTimeToSystemTime
FreeLibraryAndExitThread
GetCommandLineA
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
ExitProcess
GetConsoleScreenBufferInfo
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
SetStdHandle
GetConsoleOutputCP
GetFileSizeEx
GetTimeZoneInformation
GetFileAttributesExW
CreatePipe
GetCPInfo
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetStringTypeW
CreateThread
DeleteCriticalSection
UnhandledExceptionFilter

advapi32

CryptAcquireContextW
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext
OpenSCManagerW
QueryServiceStatusEx
ControlService
CloseServiceHandle
CreateServiceW
OpenServiceW
StartServiceW
RegisterServiceCtrlHandlerExW
SetServiceStatus
GetUserNameW
DeleteService
RegCloseKey
DeregisterEventSource
RegisterEventSourceW
CryptGenRandom
StartServiceCtrlDispatcherW
ReportEventW

iphlpapi

GetAdaptersAddresses

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
CloseClipboard
GetForegroundWindow
GetClipboardData
OpenClipboard
ToUnicodeEx
GetWindowThreadProcessId
GetKeyboardLayout

crypt32

CertCloseStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertVerifyTimeValidity
PFXImportCertStore
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CertDuplicateStore
CertOpenStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertGetEnhancedKeyUsage
CertFindCertificateInStore
CertOpenSystemStoreW

ws2_32

WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
htonl
ntohl
ntohs
WSAPoll
WSACloseEvent
gethostbyname
htons
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
getnameinfo
listen
sendto
getpeername
WSARecv
getsockname
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
recvfrom
accept
socket
send
WSASend
recv
shutdown
bind
setsockopt
WSACreateEvent
WSASocketW
getsockopt
WSAIoctl
select
connect
ioctlsocket
closesocket
WSASetLastError
WSAGetLastError

shlwapi

AssocQueryStringW

bcrypt

BCryptGenRandom

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ncrypt

NCryptFreeObject

oleaut32

SysFreeString
SysStringLen
GetErrorInfo

Exports

Exports

OnigDefaultCaseFoldFlag
OnigDefaultSyntax
OnigEncodingASCII
OnigEncodingUTF8
OnigSyntaxOniguruma
OnigSyntaxRuby
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc
onig_builtin_cmp
onig_builtin_count
onig_builtin_error
onig_builtin_fail
onig_builtin_max
onig_builtin_mismatch
onig_builtin_total_count
onig_callout_tag_is_exist_at_callout_num
onig_copy_encoding
onig_end
onig_error_code_to_str
onig_foreach_name
onig_free
onig_free_body
onig_free_match_param
onig_free_match_param_content
onig_get_arg_by_callout_args
onig_get_args_num_by_callout_args
onig_get_callback_each_match
onig_get_callout_data
onig_get_callout_data_by_callout_args
onig_get_callout_data_by_callout_args_self
onig_get_callout_data_by_callout_args_self_dont_clear_old
onig_get_callout_data_by_tag
onig_get_callout_data_by_tag_dont_clear_old
onig_get_callout_data_dont_clear_old
onig_get_callout_in_by_callout_args
onig_get_callout_name_by_name_id
onig_get_callout_num_by_callout_args
onig_get_callout_num_by_tag
onig_get_callout_tag_end
onig_get_callout_tag_start
onig_get_capture_range_in_callout
onig_get_capture_tree
onig_get_case_fold_flag
onig_get_contents_by_callout_args
onig_get_contents_end_by_callout_args
onig_get_current_by_callout_args
onig_get_default_case_fold_flag
onig_get_encoding
onig_get_match_stack_limit_size
onig_get_name_id_by_callout_args
onig_get_options
onig_get_parse_depth_limit
onig_get_passed_args_num_by_callout_args
onig_get_progress_callout
onig_get_regex_by_callout_args
onig_get_retraction_callout
onig_get_retry_counter_by_callout_args
onig_get_retry_limit_in_match
onig_get_retry_limit_in_search
onig_get_right_range_by_callout_args
onig_get_start_by_callout_args
onig_get_string_by_callout_args
onig_get_string_end_by_callout_args
onig_get_subexp_call_limit_in_search
onig_get_subexp_call_max_nest_level
onig_get_syntax
onig_get_used_stack_size_in_callout
onig_initialize
onig_initialize_encoding
onig_initialize_match_param
onig_is_error_code_needs_param
onig_match
onig_match_with_param
onig_name_to_backref_number
onig_name_to_group_numbers
onig_new
onig_new_match_param
onig_noname_group_capture_is_active
onig_number_of_capture_histories
onig_number_of_captures
onig_number_of_names
onig_reg_init
onig_region_clear
onig_region_copy
onig_region_free
onig_region_init
onig_region_new
onig_region_resize
onig_region_set
onig_regset_add
onig_regset_free
onig_regset_get_regex
onig_regset_get_region
onig_regset_new
onig_regset_number_of_regex
onig_regset_replace
onig_regset_search
onig_regset_search_with_param
onig_scan
onig_search
onig_search_with_param
onig_set_callback_each_match
onig_set_callout_data
onig_set_callout_data_by_callout_args
onig_set_callout_data_by_callout_args_self
onig_set_callout_data_by_tag
onig_set_callout_of_name
onig_set_callout_user_data_of_match_param
onig_set_capture_num_limit
onig_set_default_case_fold_flag
onig_set_match_stack_limit_size
onig_set_match_stack_limit_size_of_match_param
onig_set_parse_depth_limit
onig_set_progress_callout
onig_set_progress_callout_of_match_param
onig_set_retraction_callout
onig_set_retraction_callout_of_match_param
onig_set_retry_limit_in_match
onig_set_retry_limit_in_match_of_match_param
onig_set_retry_limit_in_search
onig_set_retry_limit_in_search_of_match_param
onig_set_subexp_call_limit_in_search
onig_set_subexp_call_max_nest_level
onig_set_verb_warn_func
onig_set_warn_func
onig_setup_builtin_monitors_by_ascii_encoded_name
onig_unicode_define_user_property
onigenc_get_default_encoding
onigenc_get_left_adjust_char_head
onigenc_get_prev_char_head
onigenc_get_right_adjust_char_head
onigenc_get_right_adjust_char_head_with_prev
onigenc_init
onigenc_is_valid_mbc_string
onigenc_set_default_caseconv_table
onigenc_set_default_encoding
onigenc_step_back
onigenc_str_bytelen_null
onigenc_strdup
onigenc_strlen
onigenc_strlen_null

Sections

.text
Size: 81.7MB - Virtual size: 81.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20.1MB - Virtual size: 20.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d0ea53b54c6a8853c761e672320e2d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ntdll

secur32

kernel32

advapi32

iphlpapi

user32

crypt32

ws2_32

shlwapi

bcrypt

shell32

ole32

ncrypt

oleaut32

Exports

Exports

Sections

.text Size: 81.7MB - Virtual size: 81.7MB

.rdata Size: 20.1MB - Virtual size: 20.1MB

.data Size: 149KB - Virtual size: 194KB

.pdata Size: 3.1MB - Virtual size: 3.1MB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 424KB - Virtual size: 423KB

.text
Size: 81.7MB - Virtual size: 81.7MB

.rdata
Size: 20.1MB - Virtual size: 20.1MB

.data
Size: 149KB - Virtual size: 194KB

.pdata
Size: 3.1MB - Virtual size: 3.1MB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 424KB - Virtual size: 423KB