hallo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hallo.exe
Size

9.4MB
MD5

a4a5a9402a8faa1f20a7039715c037be
SHA1

c5bb48259a6940b18c91ffab60c6f32113651a52
SHA256

a1038b52246f4653b43030d4d91fc44c067334d0f106cc1d3249aa1c956500f3
SHA512

9193c1d7f2b9742f117440ec3de94042b19541b0c627358a42547088aa31bac0937b90b733b29e2289813c2069410ac9cbc5d8f5be2bb76620c1b68659fc13c4
SSDEEP

98304:mjH5bRUFwh0BeqNEa1lAEwI7nidr1z+HSD+tKg:K6FWQLFwTr1z+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hallo.exe

Files

hallo.exe
.exe windows:6 windows x64 arch:x64

d81f1ce66d3218e2a01205a901b3a00a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

hallo.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

kernel32

GetSystemInfo
GetUserPreferredUILanguages
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
DuplicateHandle
VirtualProtect
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObject
RemoveVectoredExceptionHandler
GetModuleHandleW
GetModuleHandleA
AddVectoredExceptionHandler
LoadLibraryExW
FreeLibrary
SetThreadErrorMode
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryExA
CreateEventA
SetThreadStackGuarantee
SwitchToThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetProcAddress
GetStdHandle
GetCurrentProcessId
GetSystemTimePreciseAsFileTime
HeapReAlloc
lstrlenW
ReleaseMutex
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
WriteConsoleW
CreateThread
GetFullPathNameW
WaitForSingleObjectEx
CreateMutexA
LoadLibraryA
FormatMessageW
GetCurrentThread
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GlobalFree
GlobalAlloc
GlobalSize
GlobalLock
Sleep
GetLastError
GetConsoleMode
CreateFileW
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFileInformationByHandle
GetSystemTimeAsFileTime
IsProcessorFeaturePresent

user32

GetForegroundWindow
FlashWindowEx
PeekMessageW
DispatchMessageW
TranslateMessage
ChangeDisplaySettingsExW
GetWindowPlacement
SetWindowPlacement
EmptyClipboard
OpenClipboard
GetClipboardData
SetClipboardData
GetDC
ReleaseDC
CloseClipboard
GetMessageW
SetTimer
KillTimer
RegisterWindowMessageA
SetCapture
ReleaseCapture
ClientToScreen
GetWindowRect
ShowCursor
GetClipCursor
ClipCursor
IsIconic
IsProcessDPIAware
ShowWindow
IsWindowVisible
EnableMenuItem
SendMessageW
SetWindowLongW
GetWindowLongW
AdjustWindowRectEx
SystemParametersInfoA
RegisterRawInputDevices
GetRawInputData
MapVirtualKeyW
RedrawWindow
DestroyIcon
MonitorFromPoint
SetWindowTextW
SetMenuDefaultItem
TrackPopupMenu
SendInput
SetForegroundWindow
GetKeyboardState
GetAsyncKeyState
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
ToUnicodeEx
RegisterClassExA
DefWindowProcA
CreateWindowExA
MonitorFromWindow
GetActiveWindow
GetSystemMenu
GetWindowLongPtrW
GetCursorPos
TrackMouseEvent
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
MonitorFromRect
SetCursor
LoadCursorW
DestroyWindow
GetMenu
ValidateRect
DefWindowProcW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
InvalidateRgn
SetWindowPos
GetClientRect
SetWindowDisplayAffinity
RegisterTouchWindow
GetSystemMetrics
PostMessageW
CreateIcon
GetMonitorInfoW

shell32

DragQueryFileW
DragFinish

gdi32

CreateDIBSection
SelectObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
GetPixelFormat
SetPixelFormat
DescribePixelFormat
SwapBuffers
BitBlt
DeleteObject
ChoosePixelFormat
CreateRectRgn

advapi32

RevertToSelf
ImpersonateAnonymousToken

ole32

RevokeDragDrop
CoInitializeEx
CoCreateInstance
RegisterDragDrop
CoUninitialize
OleInitialize

dwmapi

DwmEnableBlurBehindWindow

uxtheme

SetWindowTheme

imm32

ImmReleaseContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext

opengl32

wglGetProcAddress
wglGetCurrentContext
wglMakeCurrent
wglDeleteContext
wglCreateContext

d3dcompiler_47

D3DCompile

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

ntdll

RtlNtStatusToDosError
NtWriteFile

vcruntime140

__CxxFrameHandler3
memset
memmove
memcmp
memcpy
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-math-l1-1-0

round
trunc
floor
sin
powf
floorf
roundf
pow
ceil
tan
cos
fmod
atan2
__setusermatherr
exp2
exp2f
acos
_hypotf
expf
tanf
fmodf
acosf
sinf
cosf
ceilf
fmaf

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_exe
_initterm
_initterm_e
exit
_exit
_get_initial_narrow_environment
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
strerror
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d81f1ce66d3218e2a01205a901b3a00a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

shell32

gdi32

advapi32

ole32

dwmapi

uxtheme

imm32

opengl32

d3dcompiler_47

oleaut32

ntdll

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 13KB - Virtual size: 14KB

.pdata Size: 287KB - Virtual size: 287KB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 13KB - Virtual size: 14KB

.pdata
Size: 287KB - Virtual size: 287KB

.reloc
Size: 38KB - Virtual size: 38KB