buildID_65915241[.]exe

Resubmissions

21-08-2024 14:43

240821-r3mvhsxeqp 3

Sharing

Copy URL

Twitter E-mail

General

Target

buildID_65915241.exe
Size

3.2MB
MD5

6313b7c309a98fb3268f46021374be4f
SHA1

2128db340d6958c6145774e96fafaffb91384cfd
SHA256

3fad2bcf24958c25e670484a7c20108fceee9acc824ff6bc985e6dd35c121a50
SHA512

8b01fe78d4574e637a62ccf0d75c471497547fd7d5554f30c09130d47d7d2402a16161cdd637b970222bf9ff55949095a1593c13ded51ea9c9b4fb237c8a173d
SSDEEP

49152:0iLr0Wn5uPnlwRpblMHMDDRU5/5exDNsX4JLYz7YMGek:0tBAblMsDDs015mf/Vk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
buildID_65915241.exe

Files

buildID_65915241.exe
.exe windows:6 windows x64 arch:x64

1aeb9dd35368038eefd028831cbb8ce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

GetThreadContext
CreateToolhelp32Snapshot
LocalFree
VirtualAlloc
VirtualFree
CreateFileW
GetCurrentThreadId
K32EnumProcessModules
Module32NextW
CheckRemoteDebuggerPresent
GetSystemInfo
OutputDebugStringW
SetEvent
CreateEventW
GetEnvironmentVariableW
IsDebuggerPresent
HeapQueryInformation
GetWriteWatch
ResetWriteWatch
GetBinaryTypeW
GlobalGetAtomNameW
CreateFileA
Module32FirstW
GetModuleHandleW
GetModuleFileNameW
WriteProcessMemory
ReadProcessMemory
SetLastError
Process32NextW
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA
GetFileSizeEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
VirtualProtect
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
CloseHandle
GetLocaleInfoEx
GetFileAttributesExW
AreFileApisANSI
EnterCriticalSection
Process32FirstW
LoadLibraryW
Sleep
FindFirstFileW
FindClose
GetLocaleInfoA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileInformationByHandleEx

user32

FindWindowW
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
IsWindowUnicode
DispatchMessageW
GetMessageExtraInfo
TrackMouseEvent
TranslateMessage
GetClassNameW
FindWindowExW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyState
LoadCursorW
ReleaseCapture
ScreenToClient
SetCapture
GetCapture
PeekMessageW
LoadIconW
SetWindowLongA
GetWindowLongW
MessageBoxW
MessageBoxA
GetWindowRect
UpdateWindow
GetSystemMetrics
SetWindowDisplayAffinity
MoveWindow
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
DefWindowProcW
GetKeyboardLayout

shell32

ShellExecuteA
ShellExecuteW

sentinal

s_get_response
s_token
s_init

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_detach
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Query_perf_frequency
_Query_perf_counter
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

iphlpapi

GetAdaptersInfo

normaliz

IdnToAscii

wldap32

ord301
ord143
ord217
ord46
ord211
ord200
ord60
ord45
ord50
ord41
ord22
ord30
ord26
ord27
ord32
ord33
ord35
ord79

crypt32

CertFreeCertificateChainEngine
CertGetCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChain

ws2_32

gethostname
sendto
recvfrom
closesocket
freeaddrinfo
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
ntohl
WSAIoctl
getsockopt
htons
ntohs
setsockopt
getaddrinfo
select
socket
WSASetLastError
__WSAFDIsSet
ioctlsocket
WSAStartup
WSACleanup
listen
accept
htonl

vcruntime140

strrchr
strchr
__current_exception_context
wcsstr
_CxxThrowException
__std_exception_destroy
__C_specific_handler
__current_exception
memcmp
memset
memmove
memcpy
memchr
strstr
__std_terminate
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
wcscmp
wcslen
strncmp
_strdup
isupper
strspn
strcspn
strlen
strpbrk
tolower

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
feof
fputs
fopen
_wfopen
fgets
_get_stream_buffer_pointers
_lseeki64
fgetc
fclose
fflush
fgetpos
fputc
fsetpos
fread
_open
_close
_write
_read
_fseeki64
__p__commode
fseek
ftell
_set_fmode
fwrite
__stdio_common_vfprintf
__stdio_common_vsprintf
setvbuf
__stdio_common_vsscanf
ungetc

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_set_new_mode
_callnewh
calloc

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

acosf
ceilf
sqrt
sqrtf
cosf
sinf
__setusermatherr
pow
fmodf

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
strtoul
strtol

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo_noreturn
strerror
_getpid
__sys_nerr
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
terminate
_beginthreadex
_crt_atexit
_errno
_cexit
_seh_filter_exe
_set_app_type
_initterm
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
abort
_get_narrow_winmain_command_line

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_stat64
_fstat64
_access
_unlink

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

advapi32

RegCreateKeyExW
CryptEncrypt
RegCloseKey
CryptDestroyKey
RegSetValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey

Sections

.text
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 424KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.obf01
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

1aeb9dd35368038eefd028831cbb8ce7

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_43

kernel32

user32

shell32

sentinal

imm32

dwmapi

msvcp140

d3dx11_43

winhttp

ntdll

iphlpapi

normaliz

wldap32

crypt32

ws2_32

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

advapi32

Sections

.text Size: 830KB - Virtual size: 829KB

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 424KB - Virtual size: 428KB

.pdata Size: 26KB - Virtual size: 26KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 2KB

.obf01 Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 830KB - Virtual size: 829KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 424KB - Virtual size: 428KB

.pdata
Size: 26KB - Virtual size: 26KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 2KB

.obf01
Size: 1.7MB - Virtual size: 1.7MB