twitch[.]aex | Triage

Sharing

Copy URL Twitter E-mail

General

Target

twitch.aex
Size

844KB
MD5

6dbfb9eaa5aa2693750aae919104b8fa
SHA1

3ee469aab98bfe4d55156017be5dea4ea0430ebb
SHA256

bb8abaa1289eced1366541e414dbca19c48bb649af9ba7a58e40de2807452598
SHA512

af08dab835b349b744ded7910ad16f87d44961ec37547ef3d6b6d17670a45a572f2ddc803ed0bbbe7606263a0c4dafe6b3e5f6ccda5a9ac716de27d94962301b
SSDEEP

12288:CmuwYw5c6QIeFEbLfSsQl9jG5uHLy+n3Ahzy7wAbRUhWjy:C/OEc6jG5+nwhQUhWjy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
twitch.aex

Files

twitch.aex
.dll windows:5 windows x64 arch:x64

a70ee4c7fee6bd6a6f546fa838a63542

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyA
RegCloseKey
RegQueryValueExA

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
CreateThread
AllocConsole
SetConsoleScreenBufferSize
FreeConsole
SetConsoleTitleA
GetStdHandle
WriteConsoleA
GetModuleFileNameA
Sleep
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap

Exports

Exports

EntryPointFunc

Sections

.text
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a70ee4c7fee6bd6a6f546fa838a63542

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 487KB - Virtual size: 487KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 254KB - Virtual size: 268KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 408B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 487KB - Virtual size: 487KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 254KB - Virtual size: 268KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 408B

.reloc
Size: 4KB - Virtual size: 4KB