5ae18ac8c0baa4b8e2a72987a84136f7e57b31305e05b409ab8486e7e2126a73[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5ae18ac8c0baa4b8e2a72987a84136f7e57b31305e05b409ab8486e7e2126a73.exe
Size

5.8MB
MD5

7c086bfdd9d70d2006bddd0c06a85426
SHA1

29f1f9edab052fcf808d4fd8e1b8a8563b3a1d03
SHA256

5ae18ac8c0baa4b8e2a72987a84136f7e57b31305e05b409ab8486e7e2126a73
SHA512

6af568ff77ecab6892f5b25fbde7d3005d1be2066e12c511fc541e97c37f670955412db1d3142787e52c5ac95993cc636dff9007cfb2d9177d58db288bdb89c1
SSDEEP

49152:9GqicgQaP92S7kuPE7QZXWHT2aAholvg3xQZ7p6NI3P5XK:aQy9z7kusEx3gf5K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae18ac8c0baa4b8e2a72987a84136f7e57b31305e05b409ab8486e7e2126a73.exe

Files

5ae18ac8c0baa4b8e2a72987a84136f7e57b31305e05b409ab8486e7e2126a73.exe
.exe windows:6 windows x64 arch:x64

5c0d041bec4d36c68c76a99955a498a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\yfjvy\Downloads\MeshAgent-master\Debug\MeshService64.pdb

Imports

comctl32

InitCommonControlsEx

dbghelp

MiniDumpWriteDump
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
SymFunctionTableAccess64
StackWalk64
SymFromAddr

iphlpapi

ConvertLengthToIpv4Mask
SendARP
GetAdaptersInfo
GetAdaptersAddresses

ws2_32

WSAResetEvent
htonl
htons
ntohl
ntohs
gethostname
__WSAFDIsSet
WSASetLastError
accept
bind
closesocket
ioctlsocket
getsockname
listen
recv
send
WSAGetLastError
WSASocketW
setsockopt
socket
connect
getsockopt
recvfrom
sendto
shutdown
WSAIoctl
select
WSAStartup
WSACleanup
WSACloseEvent
WSACreateEvent
WSAEventSelect
FreeAddrInfoW
GetAddrInfoW

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptEncodeObject
CryptMsgOpenToEncode
CryptMsgCalculateEncodedLength
CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CryptMsgControl
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CertGetCertificateContextProperty
CertStrToNameA
CertStrToNameW
CertCreateSelfSignCertificate
PFXExportCertStore
CryptAcquireCertificatePrivateKey

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipCloneImage
GdipLoadImageFromStreamICM
GdipAlloc

ncrypt

NCryptOpenStorageProvider
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFinalizeKey
BCryptFinishHash
NCryptFreeObject
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptGenRandom
BCryptHashData

kernel32

VirtualQuery
InitializeSListHead
GetStartupInfoW
RtlUnwindEx
GetStdHandle
SetEnvironmentVariableA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
WriteFile
CloseHandle
GetLastError
Sleep
CreateProcessW
OpenProcess
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExA
GetSystemPowerStatus
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObjectEx
QueueUserAPC
CreateThread
GetCurrentThreadId
OpenThread
GetModuleHandleA
ReadFile
SleepEx
LoadLibraryA
GetCurrentProcess
SetThreadExecutionState
SetSystemPowerState
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
FileTimeToSystemTime
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
FindVolumeClose
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesExW
GetFinalPathNameByHandleW
RemoveDirectoryW
SetFilePointer
CancelIo
CreateEventA
ReadDirectoryChangesW
FindFirstVolumeA
FindNextVolumeA
GetVolumePathNamesForVolumeNameA
GetModuleHandleExA
WaitForMultipleObjectsEx
CreateFileA
ConnectNamedPipe
DisconnectNamedPipe
CancelIoEx
LocalFree
CreateNamedPipeA
IsDebuggerPresent
GetConsoleMode
SetConsoleMode
SetConsoleOutputCP
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTempPathW
CancelSynchronousIo
SetEvent
ResetEvent
RtlLookupFunctionEntry
TerminateProcess
GetThreadId
CopyFileW
MoveFileW
RtlCaptureContext
DeleteFileA
DuplicateHandle
GetOverlappedResult
GetCurrentThread
ExitThread
SuspendThread
ResumeThread
GetThreadContext
GetTickCount64
GetExitCodeProcess
WTSGetActiveConsoleSessionId
DeleteFileW
SetEndOfFile
SetFilePointerEx
OutputDebugStringA
LoadLibraryExW
FreeConsole
SetConsoleCtrlHandler
SetLastError
GetFileType
OutputDebugStringW
GetModuleHandleW
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
EncodePointer
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
HeapSize
HeapValidate
GetSystemInfo
CreateDirectoryW
MoveFileExW
GetConsoleOutputCP
SetEnvironmentVariableW
WriteConsoleW
GetTimeZoneInformation
SetStdHandle
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
FlushFileBuffers
GetFileSizeEx
RtlVirtualUnwind
HeapReAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
IsProcessorFeaturePresent
HeapQueryInformation
GetCPInfo
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
GetStringTypeW

user32

GetDlgCtrlID
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPlacement
GetWindowPlacement
ShowWindow
CreateWindowExW
SendMessageW
MessageBeep
ExitWindowsEx
BlockInput
EnumDisplayMonitors
GetMonitorInfoA
GetSystemMetrics
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetCursorInfo
UnhookWinEvent
GetWindowRect
EnableWindow
DrawIconEx
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
MapVirtualKeyA
SendInput
GetKeyState
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
GetMessageExtraInfo
DispatchMessageA
TranslateMessage
GetMessageA
SetProcessDPIAware
GetProcessWindowStation
MessageBoxW
SetWindowTextA
GetIconInfo
SetWindowTextW
GetUserObjectInformationW
SetWinEventHook

gdi32

CreateSolidBrush
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
GetObjectA
SelectObject
GetDIBits
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
SetBkColor
SetBkMode
SetTextColor

advapi32

RegisterServiceCtrlHandlerExA
QueryServiceStatus
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
StartServiceCtrlDispatcherA
RegCloseKey
RegCreateKeyW
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
InitiateSystemShutdownA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
CryptReleaseContext
CryptDestroyKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclA
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CloseServiceHandle
OpenSCManagerA
OpenServiceA
SetServiceStatus

shell32

ShellExecuteExW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx

oleaut32

SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 641KB - Virtual size: 806KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c0d041bec4d36c68c76a99955a498a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

dbghelp

iphlpapi

ws2_32

crypt32

gdiplus

ncrypt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 779KB - Virtual size: 778KB

.data Size: 641KB - Virtual size: 806KB

.pdata Size: 135KB - Virtual size: 135KB

.rsrc Size: 187KB - Virtual size: 186KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 779KB - Virtual size: 778KB

.data
Size: 641KB - Virtual size: 806KB

.pdata
Size: 135KB - Virtual size: 135KB

.rsrc
Size: 187KB - Virtual size: 186KB

.reloc
Size: 25KB - Virtual size: 24KB