aa[.]exe | Triage

Resubmissions

14/08/2024, 19:33

240814-x9x7qazerg 6

14/08/2024, 19:30

240814-x72gcszeka 6

Sharing

Copy URL Twitter E-mail

General

Target

aa.exe
Size

1.3MB
MD5

e8b0a2029879886a5bd317a4c280be49
SHA1

2b73ab3036b93fa87a0eee6ce05a6c09688ff051
SHA256

880cd0010226362a687d0d0aa86d8e39439e3f61e1e3e6f07792d52e680eaf91
SHA512

a3b8ec67c1cce2a8be53d13079bb90d4eaeb0bb621438799da0ed23176a7a6937e372d0e97956b9522743eb6dd8c16cbf1b96b39ce242785e8d13cc8059430af
SSDEEP

3072:8d4YlIerKVyUGT5qDi3R5KdxtvEmEuW1DFiMJFeYES+7rnA33cvq4mOI5A43C3NU:UXlIerKV747+GtuGVGS+Hi3F4tLSDT2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa.exe

Files

aa.exe
.exe windows:6 windows x86 arch:x86

1dc8d2d8e6fe9600e25cfbf1ef40a5d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nzx3r\Desktop\тут все\access\Release\access.pdb

Imports

kernel32

CloseHandle
GlobalLock
CopyFileW
GlobalUnlock
WriteConsoleW
HeapSize
CreateFileW
ReadConsoleW
SetStdHandle
GlobalFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GlobalAlloc
GetLastError
CreateMutexW
GetModuleFileNameW
GetProcessHeap
CreateDirectoryW
FindClose
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
MultiByteToWideChar
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WideCharToMultiByte
QueryPerformanceCounter
CompareStringEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetStdHandle
WriteFile
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapFree
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapReAlloc
HeapAlloc
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
SetEndOfFile

user32

DefWindowProcW
SetClipboardViewer
CreateWindowExW
SendMessageW
OpenClipboard
DispatchMessageW
GetMessageW
CloseClipboard
EmptyClipboard
RegisterClassW
TranslateMessage
GetClipboardData
SetClipboardData
PostQuitMessage
ChangeClipboardChain

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

1dc8d2d8e6fe9600e25cfbf1ef40a5d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 10KB - Virtual size: 10KB