VixenFree[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VixenFree.exe
Size

5.0MB
MD5

b4768db44e0deb8c7da079414b8c037a
SHA1

6c4ecd3269ba8d9b605c06fa0fa6a84ed8346adc
SHA256

a192e85637f8847ce422d45751eee7bf30bf2d078504beacf05d783c9bad8d83
SHA512

71930a138b32687d573eb8e0576c5c77d551a3d5b698eb78d05e81b088e83a7e60a3645e9b3bec4c418d73c0a6bd3a2aa94786d48cdf9228f28fae09dd5d4d2a
SSDEEP

98304:MCYahtLJ30uTyWWwna8gFvk+04ZRQN5oh2iB38vYe5IJ17aIQNBT1:1j0uTWwa3k+04ZRQI38we5uCBT1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VixenFree.exe

Files

VixenFree.exe
.exe windows:6 windows x64 arch:x64

Password: infected

5ba69101fd5076fced999fbcfb0bf77a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9Ex

kernel32

GlobalLock
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

imm32

ImmReleaseContext

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-string-l1-1-0

isprint

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

asin

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

��ʁ��l7Uya�YL�!�P:2�݊mJ�� &��2�uX�s�)%W*�� [b��(�Γ^��AMf�&��r3�֦Ag��c��+��D?��V'u�t,��^��v�i jDř��1��d�P�)i��1*��ψ�˓�ELJ��_A?�DF�x8�1��5*.��t�KB#��Q��z��3��<��.�fG= �x�2�A��e��#u�� X��ʂ��@L�wM��HD�?��{�Py��t�[r��޹��Rj��o�/�#�Vǖ�dT|�Q�B�^��pPP責�з~b��B��ߧ��i��Y2��B��J�1��@��(��=��(F8� �Y/~�^azB;]��I{@1�S��[�q�1 �C��7��Ҋ�-�BqP��˚�%*c��#W.%�=��ߓ�7dC�t��t��-�-��v��̤D$�t�*x��|yt=G��_O�Di+�j�u��g�2�̵s19)*)��e�Oj� x$�� qꑣ꽧e�� 7�&��h�4|�3��۵�r�ot��'M�@5�>��~��!~�do�Aj� '�=$q0��~m��pդ[��aW �5�!��8^�{��]�P`�>z@P�;��H�}'�65hFv)��"O �0-߸K0�(�C9��Q�)��Ñ�o�j�(j�>J��7/�7,O�b��#M>j2e�(��m,Ȅ�t��{Z!}u��{�P��ױ�/_��P��5N�o�U�N�1��,E��$~��He��mUy�F��5cP�w�m��_��n�M�{Yj��N�"��ͳ�ka�� >cf��:d(�vᖐ�!Øs�C'x��d��1Ivw[4�x�Ut;5�m�b�?�t��r�w��Yݓq��k�z� g5��"�@�'v��ؘPo�Զ��U��빹��k��G��d �� (��H��@)�jr�V�Los �N�M��s��6�,g�gL5��Gf�B��j��j�c��*�(��u~�3��/��m�b_�<~��zu5�ȚgP�@�}Mi:��һR��01w !��X#?�h��$\��U>��B?d��1��M<ܚ�p��L�ate8Y��/�bǗ��e��F�'_e� `�D~�Q��;�0GUk�O%��:E�j��'y3��1j��iz�7�tĮ }9��!g�=8ȝ/��I��-�֠�DaY�X�o �&m�#@�CT>d?��ջRǽ �� 5��C �b��eh�MC*y+��gli�+��;Sbx�Nq��EN��1Bk�Xw0�Aq�9I�ؕ�X@�U5T2��,>��=��.�dn��OX�:@��#d�@T�6��8܈�&x��#<� '+M�za��"��}R�k�,7.��R�.��h��4��L�<��ߥ;��+ہc��`�F��S-_��rߓ�g�[M�4�5*-R:��;6�a�9�Բ2��3ǓR��颼��;��L�*VbEzmi�<a&bU�Es< ��i�Gi�y*��3�dC&��$D��[�.�LF��]j34��&�wh"��\��wTw�3岐l0�g��0�Rw�G��!Q�G]t�/� ��v�N1�Q�H�qר"��P�E=s� �o(��ۤ��Kxt��E�o�3ų�ڕ9�ٛ!�MB��xV��e.��4��5RL�V�~��(:�O��c�n;�o/� ��H��Sռ�+rsg�@j_��T��44��`�}�Q��}�\%W;.��V-+� �fYZ��?��ɳQ3(_�OB�̶��I��c�u��gz��L��F��X��vN�\ٳ��%Q�ߔ��(#7;��ݰRx�?ۛ�׺1o_��js1��.��z�� YuJ]o\��Ы%-G��M��y~K-��嬜��_3�}8CQ�d��K�l��q�vzy�%� �:A�|��~8T�p��f3��di�a��N�+�(��5��ɾ��6�#��Zw��)��,��+�.��q��S�Q9yw{~�R� k��h�D�dO^=��#V�Ɋ��7Ɠ�� Iфvrv�`+�ǜ��ݱ�5��r��dA@ȅc�W__��i�;.:��Kf�oS%�d�"��gXD�)�]��׿��t"\�ӈ�%�E �5ȷ��{H�)��O-��Ԟ̜i ��)�� p��J� 03�sC�i��S��ȋ��Iνۋ�;�r�;�A�խ(<��i��-��<,��j�K�p��)��?��"!q�a�0�%<e��.�Ȳnt��/��:��n�p�5!@�5��^ !:ͫt�q�Ga��l��k��aS*��Je>T��X�_v��Z:� Ai�7fD _�i鑛K��o�-7�fpf�P{��@.GY�� xz�iNB��.�a<� �n,42*�*(��(U�'�z��%��g�.M͸��/=�~9�B��ԙ*��[h^��-.l�4��C��I�ӯ�1��P�$��,(�&��L��u�.iF��J�Ͱ,�>XĽ��ȳk�p�]ˉǑ75�X#�-+�N�K��䅙��L-�m�� V<��.p[�Y�QQ�#�(L�W��=��T��#Y�Z2��%��Q��8�BS-]zի6��S)��\��8ԧ ��\g��D�o�N�~]�!�%��j\K\WJ��Y��7g�7%��z��}�9I �d��Su��*J��ɣ+9��U?zљ֗|p!�4��a��O&I�A�97=s�~�m�^�s��~#sw��N�Y �d�ń��l��|ґ�%hDf��) ly/)��r��f�k��|�vgbc0�g�572�/�ȡ�o��

Sections

.text
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vixen0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vixen1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

5ba69101fd5076fced999fbcfb0bf77a

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

imm32

msvcp140

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 236KB

.rdata Size: - Virtual size: 45KB

.data Size: - Virtual size: 5KB

.pdata Size: - Virtual size: 9KB

.vixen0 Size: - Virtual size: 3.2MB

.vixen1 Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 236KB

.rdata
Size: - Virtual size: 45KB

.data
Size: - Virtual size: 5KB

.pdata
Size: - Virtual size: 9KB

.vixen0
Size: - Virtual size: 3.2MB

.vixen1
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 512B - Virtual size: 480B