exe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

exe.exe
Size

856KB
MD5

9aa0017fd6ac057b49705df8bc9f7814
SHA1

decf4d0d06fa055571def77e54a5c0df5a6745af
SHA256

29b66b9010a7f87846224853da58c6b4b09bbcca9e2f0c78b1b61c3e34591a0d
SHA512

b9cc81b9953c3b048d2d6070f0f4f55428185734f12e5d0c6a3ecf5d4e9cf6b88567117e1fef964889b03952119366dea6e9a9f7e30ef2a260ff20187bdcd116
SSDEEP

24576:PrQRb9MP40hAOAAu9hAn2YbdE0yevpznEq:PJJAYOynjbcQp7j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
exe.exe

Files

exe.exe
.dll windows:6 windows x64 arch:x64

f9ba76c3a37dcc2a51de243ee51cdb67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\hedge\OneDrive\Desktop\oxycontin\out\oxycontin\oxycontin.pdb

Imports

opengl32

glGetIntegerv
glOrtho
wglMakeCurrent
glDisable
glLoadIdentity
wglCreateContext
glMatrixMode
wglGetCurrentContext
glViewport

jvm

JNI_GetCreatedJavaVMs

kernel32

GetCurrentProcess
MultiByteToWideChar
CloseHandle
GetSystemInfo
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetLocaleInfoA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
Sleep
FlushInstructionCache
VirtualProtect
HeapCreate
HeapDestroy
HeapAlloc
InitializeSListHead
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
GetLastError
GetSystemTimeAsFileTime
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapReAlloc

user32

SetWindowLongPtrW
PostMessageA
CallWindowProcA
FindWindowA
GetAsyncKeyState
GetWindowLongW
AdjustWindowRectEx
GetKeyState
GetMessageExtraInfo
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetKeyboardLayout
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetWindowLongW
GetClientRect
SetCursor
IsWindowUnicode
SetWindowLongPtrA
RegisterClassExA
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

gdi32

GetDeviceCaps

shell32

SHGetFolderPathA

msvcp140

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

imm32

ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__vcrt_LoadLibraryExW
memmove
memcmp
__std_type_info_destroy_list
_CxxThrowException
__C_specific_handler_noexcept
__C_specific_handler
__current_exception_context
__current_exception
memset
memcpy
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__vcrt_GetModuleFileNameW
memchr

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s
strncmp
strcmp
strncpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_beginthreadex
_errno
terminate

api-ms-win-crt-stdio-l1-1-0

ftell
_get_stream_buffer_pointers
fputc
_fseeki64
fsetpos
fgetc
__stdio_common_vsscanf
fread
fgetpos
__stdio_common_vsprintf
_wfopen
fwrite
ungetc
setvbuf
__stdio_common_vfprintf
fseek
fclose
fflush
__acrt_iob_func

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoull
strtoll
atof
strtod

api-ms-win-crt-math-l1-1-0

cosf
ceilf
acosf
sqrtf
fmodf
_dsign
sinf

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_mktime64

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9ba76c3a37dcc2a51de243ee51cdb67

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

jvm

kernel32

user32

gdi32

shell32

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1024B - Virtual size: 920B

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 920B