h1-mod[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

h1-mod.exe
Size

10.3MB
MD5

d3d9bcc9c4fd201e69659a84ed862c81
SHA1

80de633c98b6627ec0f13444dda70ae0048d6a04
SHA256

71fdb539756527b1889f24f729a23966ea8e0e4e0f072f66c1aca784b3f87df4
SHA512

0fb7f25a96f7eccfde8154baad416b7be6e6283c92f54550c223f8b4d3ad3844d1e4cf24690b560d6f46355e3fb8284f46eeaa1f9ccc0979c5ef959034df3c63
SSDEEP

196608:n2qC95rkUwgo9AF2ioyiwnAvYNzBq4nvya+qGhu3YNz:2TDoUrok2e6YNzjnvnFXYNz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
h1-mod.exe

Files

h1-mod.exe
.exe windows:6 windows x64 arch:x64

a3425780b2911fe767ab2acc41e6e59e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\h1-mod\h1-mod\build\bin\x64\Release\h1-mod.pdb

Imports

crypt32

CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CryptStringToBinaryA
CertFreeCertificateContext
PFXImportCertStore
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertCreateCertificateChainEngine
CryptProtectData
CertAddCertificateContextToStore

kernel32

GetTickCount64
DeleteCriticalSection
SetThreadContext
GetThreadContext
HeapDestroy
HeapCreate
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetLargePageMinimum
InitializeCriticalSection
AddVectoredExceptionHandler
GetProcAddress
GetVolumeInformationA
LocalFree
VirtualProtect
FlushInstructionCache
DecodePointer
GetCommandLineA
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleCursorPosition
GetConsoleCursorInfo
SetConsoleCursorInfo
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
DeleteFileW
CreatePipe
GetExitCodeProcess
WaitForSingleObject
SetEndOfFile
SetStdHandle
GetCurrentProcess
GetLastError
InitializeCriticalSectionEx
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcessId
GetCurrentDirectoryA
CreateProcessA
SetThreadExecutionState
VirtualAlloc
GetModuleFileNameW
HeapQueryInformation
HeapSize
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
CreateProcessW
SetEnvironmentVariableW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleExA
GetModuleHandleW
GetModuleHandleA
CloseHandle
CreateFileA
SetUnhandledExceptionFilter
GetVersionExA
TerminateProcess
GetCurrentThreadId
SetEvent
CreateEventA
SetConsoleTitleA
ReadConsoleInputA
GetConsoleWindow
DuplicateHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
CompareStringEx
LCMapStringEx
GetSystemTimeAsFileTime
FlsFree
OutputDebugStringA
SetLastError
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
Sleep
SleepEx
MoveFileExA
SetConsoleTextAttribute
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
GetFileSizeEx
WriteFile
CreateFileW
WaitNamedPipeW
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentDirectoryW
LoadLibraryExA
FormatMessageA
GetSystemInfo
VirtualQuery
VirtualFree
SizeofResource
FindResourceA
LockResource
LoadResource
GlobalLock
GlobalUnlock
GetSystemFirmwareTable
MoveFileA
DeleteFileA
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetThreadId
OpenThread
SetFilePointer
GetTempPathA
GetTempFileNameA
FlushFileBuffers
GetCommandLineW
IsDebuggerPresent
OutputDebugStringW
RaiseException
TryAcquireSRWLockExclusive
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
DeviceIoControl
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetExitCodeThread
GetLocaleInfoEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
IsProcessorFeaturePresent
EncodePointer
FlsAlloc
FlsGetValue
FlsSetValue
ReadFile

user32

DefWindowProcA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
SendMessageA
GetWindowRect
OpenClipboard
CloseClipboard
GetClipboardData
AdjustWindowRect
DestroyWindow
UpdateWindow
FindWindowA
GetClientRect
RegisterClassExA
GetMessageA
MoveWindow
PostQuitMessage
SetWindowLongPtrA
GetWindowLongPtrA
SystemParametersInfoA
IsWindow
UnregisterClassA
LoadImageA
DestroyIcon
SetWindowPos
MessageBoxA
ShowCursor
DispatchMessageA
TranslateMessage
GetShellWindow
GetWindowThreadProcessId
ShowWindow
MsgWaitForMultipleObjects
PeekMessageA
LoadIconA

gdi32

DeleteObject

advapi32

CryptAcquireContextW
CryptGenRandom
RegCreateKeyExW
RegSetValueExW
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
GetUserNameA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetCurrentHwProfileA
RegCreateKeyExA
RegSetKeyValueA

shell32

SHGetKnownFolderPath
ShellExecuteA
CommandLineToArgvW

ole32

CoUninitialize
OleSetContainedObject
CoTaskMemFree
CoGetClassObject
OleUninitialize
CoCreateInstance
CoInitializeEx
OleInitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayAccessData

ntdll

NtQueryObject
RtlPcToFileHeader

ws2_32

gethostname
accept
listen
WSAIoctl
getaddrinfo
freeaddrinfo
WSAGetLastError
getpeername
getsockname
gethostbyname
connect
closesocket
send
ioctlsocket
WSASetLastError
recv
sendto
recvfrom
__WSAFDIsSet
select
htonl
ntohs
socket
setsockopt
bind
htons
WSAStartup
WSACleanup
WSAEnumNetworkEvents
getsockopt
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent

dwmapi

DwmSetWindowAttribute

bcrypt

BCryptGenRandom

dbghelp

MiniDumpWriteDump

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamApps
SteamFriends
SteamGameServer
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMatchmaking
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 235KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3425780b2911fe767ab2acc41e6e59e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

ws2_32

dwmapi

bcrypt

dbghelp

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 235KB - Virtual size: 6.5MB

.pdata Size: 125KB - Virtual size: 124KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 235KB - Virtual size: 6.5MB

.pdata
Size: 125KB - Virtual size: 124KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB