Static task
static1
General
-
Target
Alyx_External.exe
-
Size
1.7MB
-
MD5
4ee7dfd615acd61ba2c9dcb4465af3f1
-
SHA1
e0e1d70c8565935a41f94a127c9b2cb4fbcf981a
-
SHA256
3be020989116b67dd3961588c38f17371536ec29c2905980685dd1e32f5a944e
-
SHA512
072511331b94008f6a52d7c5df75e44237498f26851fd054d16ece05337fc93f6a154b9ead191e285bc811ea1f94c89ff9e4f41c5a56f8a556f5933621e2de8e
-
SSDEEP
49152:+mdzvKdWD9z869vPKyLCvjw+NB284gt5E:bTG69vPKyLCvj
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource Alyx_External.exe
Files
-
Alyx_External.exe.exe windows:6 windows x64 arch:x64
Password: a
1b9eacafadb0636fa47aeef0c011aac9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
getnameinfo
freeaddrinfo
recv
ntohs
socket
send
getsockname
getpeername
WSAStartup
getaddrinfo
WSASocketW
listen
shutdown
select
closesocket
bind
accept
WSACleanup
setsockopt
gethostname
ioctlsocket
sendto
recvfrom
htonl
connect
__WSAFDIsSet
htons
WSAIoctl
WSAGetLastError
WSASetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
kernel32
GlobalLock
WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetFileSizeEx
CreateFile2
UnmapViewOfFile
CreateFileMappingFromApp
MapViewOfFileFromApp
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
SetConsoleWindowInfo
GetConsoleWindow
VirtualQueryEx
GetProcessId
K32QueryWorkingSetEx
VirtualAllocEx
Process32First
CreateToolhelp32Snapshot
Process32Next
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
GetSystemDirectoryA
GetLastError
GetEnvironmentVariableA
FormatMessageW
VirtualProtectEx
GetSystemTimeAsFileTime
GetFileType
ReadFile
CloseHandle
WaitForMultipleObjects
GlobalAlloc
VerifyVersionInfoW
VirtualFree
WakeAllConditionVariable
GetCurrentThreadId
InitOnceComplete
InitOnceBeginInitialize
LocalFree
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
SleepConditionVariableSRW
GetSystemInfo
ReadProcessMemory
GlobalFree
MultiByteToWideChar
Sleep
VirtualAlloc
SleepEx
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetLastError
GetCurrentThread
GetCurrentProcessId
CreateFileA
LoadLibraryA
OpenProcess
GetModuleHandleA
WriteProcessMemory
InitializeSListHead
GetProcAddress
PeekNamedPipe
MoveFileExA
WaitForSingleObjectEx
user32
ShowScrollBar
IsWindowVisible
EnableMenuItem
MessageBoxA
GetSystemMenu
SetWindowPos
FindWindowA
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
shell32
SHGetKnownFolderPath
msvcp140
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Query_perf_counter
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?uncaught_exceptions@std@@YAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
_Cnd_signal
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Thrd_hardware_concurrency
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_wait
_Thrd_id
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??7ios_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlAdjustPrivilege
NtRaiseHardError
urlmon
URLOpenBlockingStreamA
bcrypt
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptGetProperty
vcruntime140
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception_context
__current_exception
memmove
memchr
strrchr
memcmp
memset
memcpy
_purecall
strchr
strstr
__std_exception_copy
__std_exception_destroy
wcsstr
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
realloc
malloc
free
calloc
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit
_invalid_parameter_noinfo
system
_beginthreadex
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
__p___argv
_initialize_narrow_environment
__p___argc
_cexit
exit
_seh_filter_exe
_configure_narrow_argv
_errno
__sys_errlist
__sys_nerr
abort
_set_app_type
_get_initial_narrow_environment
_exit
_initterm
_initterm_e
api-ms-win-crt-string-l1-1-0
strcspn
strcpy_s
strpbrk
strcmp
isdigit
strnlen
strspn
strncpy
_strdup
tolower
strncmp
api-ms-win-crt-stdio-l1-1-0
fgets
_open
fopen
_set_fmode
fputc
fgetc
feof
__stdio_common_vfprintf
fgetpos
__stdio_common_vsscanf
fread
setvbuf
__stdio_common_vsprintf
fwrite
ungetc
__p__commode
fseek
fclose
fflush
__acrt_iob_func
_read
ftell
__stdio_common_vswprintf
_write
_fileno
fsetpos
_fseeki64
_get_stream_buffer_pointers
fputs
_close
_lseeki64
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
strtol
wcstombs
strtod
strtoull
strtoul
strtoll
atoi
api-ms-win-crt-math-l1-1-0
cosh
exp
atan
cos
atan2
fmod
acos
ceilf
ceil
log
log10
_fdopen
floor
ldexp
round
log2
_dsign
tanh
__setusermatherr
pow
sin
asin
sinh
sqrt
tan
api-ms-win-crt-time-l1-1-0
_localtime64
strftime
_time64
_gmtime64
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
localeconv
api-ms-win-crt-filesystem-l1-1-0
_access_s
_unlock_file
_access
_fstat64
_stat64
_lock_file
_unlink
wldap32
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord46
ord143
ord217
normaliz
IdnToUnicode
IdnToAscii
crypt32
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertOpenStore
CertAddCertificateContextToStore
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 335KB - Virtual size: 335KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ