Sample
ExHIBIT.exe
Resource
win10v2004-20240802-en
General
-
Target
ExHIBIT.exe
-
Size
1.2MB
-
MD5
7852184f5ac726ea4286a705e6d49eed
-
SHA1
6d068cbf6868b27800bbea51f2ce323ee850d13f
-
SHA256
aa9527c1e069387d4c59d1653c9846d5292e576f257c3d6d11bf45ee437f5241
-
SHA512
496717d329b99b48da78084750dc9f9b3fe925d110e5c2d3adbf0749275be178b09dbac935f9b972fa529664240f21f0917ea11476bb6333661e0cd36329de21
-
SSDEEP
24576:yZE7FmdiovhQRsohv/Q4ST33dxSYuZjspHovb1Ep7UyuT/VAbC3HygO:sh4lQj33dxSY5eJyuTyoHy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ExHIBIT.exe
Files
-
ExHIBIT.exe.exe windows:4 windows x86 arch:x86
f9e79adf7f1943ebc698aa036e2b425f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmAssociateContext
ImmGetDefaultIMEWnd
kernel32
LocalAlloc
OutputDebugStringA
CreateEventA
GetPrivateProfileStringA
CreateFileMappingA
GetLastError
MapViewOfFile
CloseHandle
UnmapViewOfFile
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
WaitForSingleObject
Sleep
FreeLibrary
LoadLibraryA
ExitProcess
GetThreadLocale
GetLocaleInfoA
GetACP
LocalLock
InterlockedDecrement
LocalFlags
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
lstrlenA
LocalFree
FindNextFileA
FindFirstFileA
FindClose
FindResourceA
LoadResource
LockResource
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GlobalMemoryStatus
GetLocalTime
DeleteFileA
RemoveDirectoryA
GetExitCodeThread
ResumeThread
TerminateThread
GlobalAlloc
GlobalLock
GlobalUnlock
WritePrivateProfileStringA
LoadLibraryExA
GetSystemInfo
WaitForMultipleObjects
PulseEvent
ResetEvent
SetEvent
GetVersionExA
GetProcAddress
CreateDirectoryA
WriteFile
ReadFile
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
SetEndOfFile
SetFilePointer
GetFileSize
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetCurrentDirectoryA
GetLogicalDrives
GetDriveTypeA
IsDBCSLeadByte
GetSystemDefaultLCID
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
lstrcatA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
lstrcpyA
LocalUnlock
RaiseException
user32
CreatePopupMenu
DeleteMenu
OpenClipboard
EmptyClipboard
CloseClipboard
PostThreadMessageA
PeekMessageA
GetFocus
GetAncestor
WindowFromPoint
ReleaseCapture
ShowCursor
SetCapture
GetCapture
RegisterClipboardFormatA
SetClipboardData
GetClipboardData
DialogBoxParamA
GetSysColor
DrawTextA
CallWindowProcA
WaitMessage
EnumDisplayMonitors
AppendMenuA
GetMenuItemCount
DrawMenuBar
EnumWindows
GetWindowThreadProcessId
SystemParametersInfoA
GetDesktopWindow
SetWindowLongA
GetActiveWindow
ClientToScreen
GetDoubleClickTime
TrackPopupMenu
GetSystemMenu
GetMenuItemInfoA
EnableMenuItem
GetClientRect
AdjustWindowRectEx
EnumDisplaySettingsA
GetWindowPlacement
IsZoomed
GetParent
SetWindowPos
FindWindowA
LoadImageA
ChangeDisplaySettingsExA
GetClassNameA
IsWindowVisible
InsertMenuItemA
MoveWindow
IsIconic
GetWindowRect
FindWindowExA
EndDialog
IsClipboardFormatAvailable
CreateDialogParamA
SendDlgItemMessageA
IsWindowEnabled
GetDlgItem
EnableWindow
SetDlgItemInt
GetSystemMetrics
SetForegroundWindow
SetTimer
KillTimer
GetAsyncKeyState
GetWindowTextA
GetCursorPos
ScreenToClient
GetMessageA
DispatchMessageA
TranslateMessage
PostQuitMessage
PostMessageA
CreateMenu
MonitorFromRect
GetMonitorInfoA
GetDlgItemTextA
SetDlgItemTextA
DestroyCaret
SetCaretBlinkTime
OffsetRect
GetWindowDC
SetCaretPos
RegisterClassA
RegisterClassExA
GetUpdateRect
BeginPaint
EndPaint
LoadIconA
DefWindowProcA
SetCursor
LoadCursorA
LoadCursorFromFileA
DestroyCursor
FillRect
GetDC
ReleaseDC
UnionRect
IntersectRect
CharPrevA
wvsprintfA
CharNextA
CheckMenuItem
AllowSetForegroundWindow
WINNLSEnableIME
DestroyMenu
GetSubMenu
GetWindowLongA
ShowCaret
CreateCaret
GetCaretPos
GetWindow
GetCaretBlinkTime
LoadMenuA
CreateWindowExA
SetFocus
SetWindowTextA
DestroyWindow
SendMessageA
InvalidateRect
UpdateWindow
ShowWindow
IsWindow
SetRectEmpty
MessageBoxA
HideCaret
gdi32
RealizePalette
BitBlt
StretchBlt
SetStretchBltMode
GdiFlush
SetROP2
SetBkMode
CreateCompatibleDC
SelectObject
Polyline
CreateDIBSection
CreateFontIndirectA
GetStockObject
AddFontResourceExA
DeleteDC
CreateICA
GetDeviceCaps
DeleteObject
GetSystemPaletteEntries
StretchDIBits
SelectPalette
CreatePen
SetTextColor
EnableEUDC
GetOutlineTextMetricsA
CreatePalette
MoveToEx
LineTo
CreateSolidBrush
CreateRectRgn
GetClipBox
GetDCOrgEx
GetTextExtentExPointA
TextOutA
GetTextExtentPoint32A
GetGlyphOutlineA
SetDIBColorTable
shell32
ShellExecuteExA
DragQueryPoint
DragFinish
DragQueryFileA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHAppBarMessage
ShellExecuteA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
msvcp80
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?_Xsgetn_s@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADIH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?name@locale@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??1locale@std@@QAE@XZ
?global@locale@std@@SA?AV12@ABV12@@Z
??0locale@std@@QAE@PBDH@Z
msvcr80
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_configthreadlocale
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
memset
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_getmbcp
_setmbcp
??2@YAPAXI@Z
_CxxThrowException
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
fread
ferror
fflush
fprintf
__iob_func
fwrite
sprintf
strncpy
sscanf
getenv
_CIlog
vsprintf
_CIlog10
_beginthreadex
_purecall
free
_CIcos
_CItan
_CIpow
malloc
_setjmp3
longjmp
strncpy_s
floor
_CIsin
_aligned_malloc
_aligned_free
_CIsqrt
_mbsstr
_ultoa
_ltoa
memmove_s
_mbsspnp
_mbccpy
_mbspbrk
_mbschr
_ismbbtrail
_mbsupr
_mbslwr
strtoul
_mbsnbcpy
atoi
isdigit
memcpy
__setusermatherr
_CIatan
winmm
timeGetTime
waveOutGetNumDevs
timeSetEvent
midiOutOpen
midiOutReset
midiOutShortMsg
midiOutLongMsg
timeKillEvent
midiOutClose
midiOutUnprepareHeader
midiOutPrepareHeader
mciSendCommandA
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
waveOutGetErrorTextA
waveOutOpen
waveOutClose
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutReset
waveOutGetDevCapsA
midiOutGetDevCapsA
comctl32
InitCommonControlsEx
ImageList_Destroy
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
libogg
ogg_page_eos
ogg_sync_clear
ogg_stream_clear
ogg_stream_packetout
ogg_stream_pagein
ogg_stream_init
ogg_page_serialno
ogg_sync_pageout
ogg_sync_wrote
ogg_sync_buffer
ogg_sync_init
libvorbis
vorbis_synthesis_blockin
vorbis_synthesis
vorbis_synthesis_pcmout
vorbis_synthesis_read
vorbis_info_init
vorbis_comment_init
vorbis_synthesis_headerin
vorbis_synthesis_init
vorbis_block_init
vorbis_block_clear
vorbis_dsp_clear
vorbis_info_clear
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
msvfw32
MCIWndCreateA
Sections
.text Size: 864KB - Virtual size: 861KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 172KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ