painted[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

painted.exe
Size

392KB
MD5

271764ef391ca0c1911d63eeb590641c
SHA1

b91791f81f18d769e4c1d6bd9b7ab3ae0bba3bd4
SHA256

c8058a4a5a5fd9241378556c726e1be0d48e4700f85e4502c5332773cfd4a51d
SHA512

c4fa3c346e09f778191df058897dcf15bda7cc1add4477644a49e5bbe855b991b547e2cfc1bf153a0018690a138f82b0269beff68ce20ba5f12c81d7afc2a1b5
SSDEEP

6144:9yolOooWAxOu4Q9aMKcqNPMXyGRzL0hIwjq9AVFAOrQ+AUTBJI:dOooWA/4Q9hKcq9kJRzcXVdeUTrI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
painted.exe

Files

painted.exe
.exe windows:5 windows x86 arch:x86

f3c66e99af03171320536bc9dbd81e04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetLocaleInfoA
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetModuleHandleA
RaiseException
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
MultiByteToWideChar
GetModuleFileNameA
GetStdHandle
RtlUnwind
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
LeaveCriticalSection
EnterCriticalSection
ExitProcess
Sleep
GetModuleHandleW
HeapReAlloc
GetCommandLineA
CreateDirectoryA
HeapAlloc
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapFree
GetLastError
GetProcAddress
LoadLibraryA

user32

ReleaseDC
CreateDialogParamA
PeekMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetDlgItem
PostQuitMessage
SetDlgItemTextA
GetDlgItemTextA
SendMessageA
GetDC
GetClientRect
FillRect

gdi32

CreateSolidBrush
DeleteObject
CreateDIBSection
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoTaskMemFree

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3c66e99af03171320536bc9dbd81e04

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

shell32

ole32

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 61KB - Virtual size: 184KB

.rsrc Size: 1024B - Virtual size: 988B

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 61KB - Virtual size: 184KB

.rsrc
Size: 1024B - Virtual size: 988B