[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

.exe
Size

4.5MB
MD5

b680117c2dbf1c15757dcd64753d5aef
SHA1

a85bf5b336df0423e23653e826184254225393dc
SHA256

b52066cf0aad14efb9b7e9f6a5a17c78a96243b3b5f1af6fd012dccf9558f957
SHA512

0d65b9385993960660a2267f31c19c5dea4cf0e2471cdfde17a2d0a08335169050e35aa86b29b7a58fd91ea8bafb2d26ab82faa4857e385d25f0e3f8be9b21d9
SSDEEP

98304:kBmpSk9PmtlOydqj+MtDRb7uetem5BkNT+:kWcOydqjnD9ueB5m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
.exe

Files

.exe
.exe windows:6 windows x86 arch:x86

d9675b469631fe99fe03cca56b5f3f1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Develop\krkrz\branch\bin\win32\tvpwin32.pdb

Imports

kernel32

GlobalAlloc
Sleep
SizeofResource
GetVersionExW
GlobalFree
LockResource
GlobalMemoryStatusEx
SetCurrentDirectoryW
HeapSetInformation
GetCurrentThreadId
GetSystemTime
CreateMutexW
HeapCompact
GetNativeSystemInfo
HeapQueryInformation
GetProcessHeaps
HeapWalk
GetConsoleMode
FreeConsole
WriteConsoleW
AttachConsole
GetLocalTime
SetConsoleTitleW
GetConsoleTitleW
GetConsoleProcessList
OpenProcess
GetProcessAffinityMask
SetThreadAffinityMask
GlobalMemoryStatus
TerminateProcess
GetCurrentThread
SetThreadPriority
GlobalDeleteAtom
GlobalAddAtomW
MulDiv
OutputDebugStringW
FormatMessageW
WaitForSingleObject
SetEvent
ResetEvent
WaitForMultipleObjects
CreateThread
MultiByteToWideChar
GetVersionExA
LoadLibraryExW
SearchPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GlobalLock
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
ExitThread
CreateEventW
IsBadReadPtr
GetSystemInfo
GetThreadPriority
SuspendThread
ResumeThread
HeapAlloc
DeleteFileW
HeapDestroy
HeapCreate
LocalSize
GetFileAttributesExW
GetOEMCP
GetACP
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
RaiseException
RtlUnwind
GetCommandLineW
GetSystemTimeAsFileTime
AreFileApisANSI
GetModuleHandleExW
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetStringTypeW
WideCharToMultiByte
lstrcmpW
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
InterlockedExchange
ExitProcess
GetTimeZoneInformation
GetConsoleCP
GetProcessHeap
LoadResource
FindResourceW
VirtualQuery
GetFullPathNameW
LocalFree
LocalLock
LocalUnlock
GetVolumeInformationW
SetThreadIdealProcessor
GetCurrentProcessId
SetFilePointerEx
ReadConsoleW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
GetExitCodeProcess
SetEnvironmentVariableA
SetEnvironmentVariableW
GetFileType
RemoveDirectoryW
GetTempPathW
CreateFileW
GetFileAttributesW
GetTickCount
CreateDirectoryW
SetEndOfFile
GetDriveTypeW
SetFilePointer
GetFileSize
CloseHandle
DuplicateHandle
CreatePipe
SetStdHandle
GetStdHandle
FlushFileBuffers
GetModuleFileNameW
ReadFile
WriteFile
GetCurrentProcess
CreateProcessW
FindNextFileW
FindClose
GetProcAddress
LoadLibraryW
FreeLibrary
FindFirstFileW
GetLastError
GetModuleHandleW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
InitializeCriticalSection

user32

MonitorFromWindow
SetCursorPos
GetKeyboardLayout
SetWindowRgn
ClientToScreen
MoveWindow
GetForegroundWindow
PostThreadMessageW
RegisterWindowMessageW
DestroyCaret
LoadStringW
GetFocus
OpenClipboard
SetCaretPos
GetMonitorInfoW
EndPaint
GetWindowTextLengthW
GetSystemMenu
ScreenToClient
SetActiveWindow
GetMessageExtraInfo
GetClipboardData
IsClipboardFormatAvailable
SetFocus
MsgWaitForMultipleObjects
EnumDisplaySettingsExW
GetKeyState
TrackMouseEvent
IsWindowEnabled
GetClientRect
BeginPaint
SetPropW
GetCapture
GetMenu
LoadIconW
SetRect
InvalidateRect
GetWindowTextW
GetMenuItemCount
SetClipboardData
SetCapture
CloseClipboard
GetPriorityClipboardFormat
KillTimer
SetTimer
GetDC
ReleaseDC
ChangeDisplaySettingsW
GetSysColor
SystemParametersInfoW
EnumDisplaySettingsW
LoadCursorFromFileW
GetQueueStatus
AdjustWindowRectEx
ReleaseCapture
IsWindowVisible
UpdateWindow
SetWindowTextW
SetCursor
LoadCursorW
WindowFromPoint
GetCursor
DialogBoxParamW
GetDlgItem
EndDialog
SetDlgItemTextW
EnableWindow
TranslateAcceleratorW
DestroyAcceleratorTable
IsIconic
CreateAcceleratorTableW
WaitMessage
TranslateMessage
LoadAcceleratorsW
PeekMessageW
ShowWindow
DispatchMessageW
GetAsyncKeyState
GetSystemMetrics
EnumWindows
GetCursorPos
SendMessageW
GetWindowThreadProcessId
DestroyWindow
PostMessageW
GetClassInfoExW
RegisterClassExW
GetWindowLongW
SetWindowLongW
CreateWindowExW
DefWindowProcW
GetWindowRect
GetParent
SetWindowPos
PostQuitMessage
MessageBoxW
CreateCaret

gdi32

DeleteObject
GetFontData
SelectObject
CreateFontIndirectW
GetTextMetricsW
GetStockObject
EnumFontFamiliesExW
GetObjectW
CombineRgn
CreateDIBSection
DeleteDC
EnumFontsW
CreateDIBitmap
GetPixel
CreateCompatibleBitmap
SetPixel
ExtCreateRegion
CreateRectRgn
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetGlyphOutlineW
GetDeviceCaps
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetPathFromIDListW
SHGetKnownFolderPath

ole32

StringFromGUID2
CreateItemMoniker
CoInitialize
GetRunningObjectTable
CoFreeUnusedLibraries
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
PropVariantClear

oleaut32

VariantClear

winmm

timeEndPeriod
timeKillEvent
timeGetTime
timeGetDevCaps
timeBeginPeriod
timeSetEvent

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetGetUniversalNameW

shlwapi

PathIsDirectoryW
PathFileExistsW

imm32

ImmGetContext
ImmGetOpenStatus
ImmIsIME
ImmSetCompositionFontW
ImmSetConversionStatus
ImmSetOpenStatus
ImmAssociateContext
ImmGetConversionStatus
ImmSetCompositionWindow
ImmReleaseContext

dbghelp

MiniDumpWriteDump

quartz

AMGetErrorTextW

propsys

PropVariantToDouble

mfplat

MFShutdown
MFFrameRateToAverageTimePerFrame
MFStartup

mf

MFCreateVideoRendererActivate
MFCreateAudioRendererActivate
MFCreateTopologyNode
MFCreateTopology
MFCreateMediaSession
MFCreateSourceResolver

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 857KB - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9675b469631fe99fe03cca56b5f3f1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

version

mpr

shlwapi

imm32

dbghelp

quartz

propsys

mfplat

mf

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.adata Size: 512B - Virtual size: 80B

.rdata Size: 857KB - Virtual size: 857KB

.data Size: 35KB - Virtual size: 680KB

.rsrc Size: 428KB - Virtual size: 428KB

.reloc Size: 218KB - Virtual size: 218KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.adata
Size: 512B - Virtual size: 80B

.rdata
Size: 857KB - Virtual size: 857KB

.data
Size: 35KB - Virtual size: 680KB

.rsrc
Size: 428KB - Virtual size: 428KB

.reloc
Size: 218KB - Virtual size: 218KB