xxstrings[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

xxstrings.exe
Size

20KB
MD5

22236ec25998eca784c0658d83d69b14
SHA1

125e0d58455196b5424bae3e53203ae67b83327c
SHA256

2ae44e293a0d43b63aad72c68227e48067ab0960bc846aad1e758f1b791d21ae
SHA512

223a4166de2e5c19fcee8362072819cdecb802e17e23be6d7908ec7e382c3a51f71aef50812e356c55502da7595956c746691fdcc6c49793dfe6d165b6adca76
SSDEEP

384:B6NbvXwxvMgA9o4s6Zf1/SfpyD0cXfew0h/yj3Nb9HWwVg3nY5+3yOR6uyleY:B6Nb/8ve3r+E0efewsQNZVenYQZyo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xxstrings.exe

Files

xxstrings.exe
.exe windows:6 windows x86 arch:x86

9616043f0f4dd8c3b7a2f1ecc9a48316

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\luamp\Downloads\xxstrings\Release\xxstrings.pdb

Imports

kernel32

LocalSize
LocalFree
IsWow64Process
OpenProcess
CreateToolhelp32Snapshot
CloseHandle
lstrlenW
ReadProcessMemory
Module32FirstW
Module32NextW
GetCurrentProcess
lstrcmpW
SetUnhandledExceptionFilter
LocalAlloc
FormatMessageW
VirtualQueryEx
GetLastError
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

advapi32

GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges

msvcp140

?_Xlength_error@std@@YAXPBD@Z

psapi

GetModuleBaseNameW
GetProcessMemoryInfo

vcruntime140

__std_exception_destroy
memcpy
__CxxFrameHandler3
_CxxThrowException
_except_handler4_common
memset
__current_exception_context
__std_exception_copy
__current_exception
memmove

api-ms-win-crt-stdio-l1-1-0

_isatty
__p__commode
_set_fmode
__stdio_common_vswscanf
fflush
__stdio_common_vfprintf
fwrite
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vswprintf
_fileno

api-ms-win-crt-heap-l1-1-0

free
realloc
_callnewh
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_exit
_initterm
__p___argc
__p___wargv
_cexit
_get_initial_wide_environment
_register_thread_local_exe_atexit_callback
_initialize_wide_environment
_configure_wide_argv
strerror
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_set_app_type
_seh_filter_exe
_errno
_invalid_parameter_noinfo_noreturn
_c_exit

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstombs

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9616043f0f4dd8c3b7a2f1ecc9a48316

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

psapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 824B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 824B