socd_cleaner[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

socd_cleaner.exe
Size

152KB
MD5

6d67dac23832cc767751a283ca6ae406
SHA1

7ffcd1ae41ad8837b4e61ed707ec664eb3e07da4
SHA256

713d7ef8cb4d9232551cddd2782b35c5d8b66ea6f550c154928557e780d2505d
SHA512

d296b8b33e35b1b6b2e468c2b5d3845cf2e7059fe6b3c8379621686bed2f38543eed164e919416e1eb1a8121fd981cea3a2a2387dd0736a5b939d0a67c624d40
SSDEEP

3072:/ecpdahZA721Rz7gKLPGIR2wQxjRbd138O8g:7YA78hc0PDR2XZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
socd_cleaner.exe

Files

socd_cleaner.exe
.exe windows:6 windows x64 arch:x64

Password: 1234

e8eb2df32e872fe0b1124a29f0c20765

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetKeyNameTextW
DispatchMessageA
TranslateMessage
GetMessageW
CheckRadioButton
RegisterClassExW
LoadCursorA
LoadIconA
SetWinEventHook
DefWindowProcW
SetFocus
PostQuitMessage
GetWindowThreadProcessId
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyW
SendInput
CallNextHookEx
CreateWindowExW
wsprintfW
MessageBoxA

shlwapi

PathStripPathA

kernel32

TlsSetValue
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
GetFileSizeEx
ReadConsoleW
ReadFile
SetFilePointerEx
CreateFileW
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetLastError
ExitProcess
OpenProcess
QueryFullProcessImageNameA
CloseHandle
GetModuleHandleA
FreeConsole
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
FindClose
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

e8eb2df32e872fe0b1124a29f0c20765

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

kernel32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 3KB - Virtual size: 58KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 58KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 2KB - Virtual size: 1KB