PinkEye[.]exe | Triage

Resubmissions

19-09-2024 16:01

240919-tgctjaxfmr 7

Sharing

Copy URL

Twitter E-mail

General

Target

PinkEye.exe
Size

1.1MB
MD5

942a6d8211f98792357d633f0d6f0658
SHA1

a0963e0b4231f9f7b9b1fd8cf8661d0101b404dd
SHA256

4ae5a89f1c72ab51b8973b7b4da7c9f3b35bd0c21e4d68e7dfe95cbbb7d56242
SHA512

3f6cd4b37222c29c84d2eb369a531b1d409ab32db686989327d9314329d57e303ce2ddb243048b601990bd4e4c4f4b37ae2194c7a9b69abc81da21d2e32a4160
SSDEEP

12288:xHUyYPxv+QvEhK3BFJAvkj4sKGQaiX/fFymJeGr+7kRt6QgtTtBibCII9CnutdHv:xHRY5vBFSedwnFycUc2xUu/Hzmy+Qvh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PinkEye.exe

Files

PinkEye.exe
.exe windows:6 windows x64 arch:x64

63b513d728dfe2a14c68d82c97a874da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

SetClipboardData
CloseClipboard
GetDC
MessageBoxA
OpenClipboard
EmptyClipboard
ReleaseDC

urlmon

URLDownloadToFileA

shell32

SHGetFolderPathW
CommandLineToArgvW

bcrypt

BCryptGenRandom

kernel32

Module32Next
OpenProcess
ReplaceFileW
MoveFileW
CreateFileW
GetFileSizeEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
AttachConsole
WideCharToMultiByte
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcess
K32GetProcessMemoryInfo
LoadLibraryA
GetProcAddress
GetModuleHandleA
ReadProcessMemory
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
MultiByteToWideChar
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
Module32First
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetLastError
MoveFileExW
GetFileInformationByHandleEx
LocalFree
FormatMessageA
GetLocaleInfoEx
EncodePointer
DecodePointer
RtlUnwind
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
GetStringTypeW
GetCPInfo
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
SetStdHandle
HeapReAlloc
HeapSize
WriteConsoleW
SetEndOfFile
InitializeSListHead
EnterCriticalSection
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
TerminateProcess
DuplicateHandle
CreateProcessW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapFree
GetExitCodeProcess
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
ReadFile
ReadConsoleW
FlushFileBuffers
CreatePipe
IsValidCodePage
GetACP

gdi32

DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
GetDeviceCaps
CreateDCA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 747KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

63b513d728dfe2a14c68d82c97a874da

Headers

DLL Characteristics

File Characteristics

Imports

user32

urlmon

shell32

bcrypt

kernel32

gdi32

Sections

.text Size: 241KB - Virtual size: 240KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 5KB - Virtual size: 15KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 747KB - Virtual size: 2.3MB

.text
Size: 241KB - Virtual size: 240KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 5KB - Virtual size: 15KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 747KB - Virtual size: 2.3MB