Static task: static1
Behavioral task: behavioral1 (Sample: 08-13.exe, Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: 08-13.exe, Resource: win10v2004-20240802-en)
General
Target: 08-13.exe
Size: 22.3MB
MD5: 3e3ea8f389f87fed43eca27db21edbbe
SHA1: 7f713ed0b29b496a07a943b0b78f609379c765b3
SHA256: ad4528017906065c5e46afa480f3375bb7b95a760e04a9e8fbcdacf6d0887571
SHA512: 4e7c04cc1c9ecd11e665df723c8b0a340a237e1012aa4f5658cd0a9135ef7d67ab630ef05a5a45d843bd5cac58bda59bb754a941c8532bbd59418f3df019d825
SSDEEP: 393216:7eP0oRLEaAijiF3wMZrLCUJsv6tWKFdu9Cd:gee2
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 08-13.exe
Files
08-13.exe.exe windows:5 windows x64 arch:x64
2cf6b5f539b4fd01d932d619f7aff365
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shlwapi
PathRemoveFileSpecW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
OpenThemeData
GetCurrentThemeName
dwmapi
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
oleaut32
SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
SysFreeString
imm32
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
gdi32
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
kernel32
ReleaseMutex
InitializeCriticalSection
CreateMutexW
VirtualAlloc
VirtualFree
GetProcessHeap
HeapCreate
HeapDestroy
HeapAlloc
ExitProcess
GetUserDefaultUILanguage
CreateFileW
CloseHandle
SetUnhandledExceptionFilter
GetLastError
GetProcessHeaps
HeapWalk
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
VirtualProtect
WriteProcessMemory
GetModuleFileNameW
GetProcAddress
LoadLibraryW
lstrcmpiW
lstrcatW
WaitForSingleObject
GetFileInformationByHandle
TerminateProcess
LocalFree
lstrcmpW
GetModuleHandleW
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
LoadLibraryExW
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
LCIDToLocaleName
VirtualQuery
RtlUnwindEx
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
RaiseException
ResetEvent
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
WaitForMultipleObjects
Sleep
DuplicateHandle
GetSystemDirectoryW
WaitForSingleObjectEx
SetEvent
IsProcessorFeaturePresent
OutputDebugStringW
GetLocalTime
GetSystemTime
GetCommandLineW
CompareStringEx
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
MultiByteToWideChar
FindCloseChangeNotification
FindFirstChangeNotificationW
CreateEventW
GetLocaleInfoEx
InitializeSListHead
FindNextChangeNotification
FindFirstFileExW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
ole32
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoCreateInstance
StringFromGUID2
OleSetClipboard
CoInitializeEx
CoUninitialize
shell32
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHGetKnownFolderPath
SHGetKnownFolderIDList
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
user32
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
SetCursorPos
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
GetCursor
UnregisterDeviceNotification
RegisterDeviceNotificationW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
CharNextExA
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
DestroyCursor
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
DrawIconEx
MessageBoxW
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
GetTouchInputInfo
winmm
PlaySoundW
timeSetEvent
timeKillEvent
ntdll
isxdigit
isspace
isdigit
strchr
log
floor
bsearch
atoi
ceil
sqrt
_setjmp
memchr
longjmp
strtol
qsort
strncpy
strrchr
wcsncmp
tan
sin
cos
atan
__chkstk
strstr
toupper
memmove
wcsrchr
strcmp
memset
strncmp
memcmp
strlen
memcpy
RtlFreeHeap
RtlAllocateHeap
pow
msvcrt
__set_app_type
_ismbblead
_fmode
___lc_handle_func
?_set_new_mode@@YAHH@Z
_commode
mbtowc
_isatty
_strtoui64
_clearfp
fsetpos
_hypot
fgetpos
?terminate@@YAXXZ
islower
_wcsdup
_wgetenv
_localtime64
_tzname
_timezone
___lc_codepage_func
isupper
__pctype_func
_initterm
_callnewh
_write
_read
fgets
_open_osfhandle
_close
feof
_get_osfhandle
_wchmod
_waccess
asin
_msize
_lseeki64
_endthreadex
_beginthreadex
_tzset
_mktime64
acosf
acos
sinf
floorf
abort
strerror
_errno
log10
atan2
rand
exp
calloc
ftell
fseek
fread
fopen
fclose
getenv
realloc
fflush
malloc
free
_wsplitpath
_local_unwind
__DestructExceptionObject
_amsg_exit
__C_specific_handler
_CxxThrowException
__CxxFrameHandler
_XcptFilter
__argv
__argc
_acmdln
___mb_cur_max_func
_iob
_unlock
_lock
tolower
__getmainargs
_fileno
userenv
GetUserProfileDirectoryW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
netapi32
NetApiBufferFree
NetShareEnum
ws2_32
WSAAsyncSelect
Sections
.text Size: 17.7MB - Virtual size: 17.7MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rdata Size: 3.7MB - Virtual size: 3.7MB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 84KB - Virtual size: 17.3MB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata Size: 441KB - Virtual size: 440KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.qtmetad Size: 1KB - Virtual size: 1KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.qtmimed Size: 315KB - Virtual size: 315KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 46KB - Virtual size: 46KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)