silence[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

silence.exe
Size

1.4MB
MD5

8be1acc4fcaf8b70d116f6963c0c6fc9
SHA1

3c06a3310d4e77f3c29c466ae6a727867092359f
SHA256

e85188686cf3cb4fdf3a61eeef4d16efdc86dc3bb7be050c2781d66d078a5026
SHA512

43bc2f467133516fdd9b7cf3ca82699d7aebddfb33d3228ebd9611ff190002cab970a8deb9e98b5b00144ed9a64641d9258a2b6e8ee050ef3102d184b981fbc6
SSDEEP

24576:hegGj1DqIW8hlT5oVRCq4FuZeWWIEvnUZkGxoJ:0gGW8hh5GHyWWIknU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
silence.exe

Files

silence.exe
.exe windows:6 windows x64 arch:x64

77c03c663ab6e023c328c70fc7f84bde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\aorim\Desktop\silence v2\Build\silence.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

GetCurrentProcess
GetStdHandle
VirtualAlloc
LoadLibraryExA
CreateFileW
CreateToolhelp32Snapshot
CreateFileA
Process32Next
CloseHandle
lstrcmpiA
GetCurrentProcessId
Sleep
GetConsoleWindow
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
FreeLibrary
VirtualFree
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
SetConsoleTitleA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
Process32First
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
QueryPerformanceCounter
MultiByteToWideChar
DeviceIoControl
InitializeSListHead

user32

GetWindowRect
DestroyWindow
GetSystemMetrics
SetWindowDisplayAffinity
GetMonitorInfoA
EnumDisplaySettingsA
MoveWindow
CreateWindowExA
TranslateMessage
LoadIconA
DispatchMessageA
GetCursorPos
FindWindowA
DefWindowProcW
GetForegroundWindow
GetAsyncKeyState
ScreenToClient
LoadCursorA
GetKeyState
SetClipboardData
GetClipboardData
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
ShowWindow
SetWindowLongA
GetWindowLongA
SetLayeredWindowAttributes
IsWindowUnicode
SetCursor
EmptyClipboard
GetClientRect
ReleaseCapture
SetCapture
SetCursorPos
TrackMouseEvent
ClientToScreen
GetCapture
MonitorFromWindow
OpenClipboard
CloseClipboard
SetProcessDPIAware

gdi32

CreateSolidBrush

advapi32

RegSetValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
RegCreateKeyA
RegQueryValueExA

shell32

SHGetFolderPathW

msvcp140

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_id
_Thrd_join
?id@?$ctype@D@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

ntdll

RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtQuerySystemInformation

dbghelp

ImageRvaToVa
ImageDirectoryEntryToData
ImageNtHeader

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

sentinal

s_token
s_init

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
__current_exception
__current_exception_context
__intrinsic_setjmp
_CxxThrowException
memmove
memcpy
memchr
strrchr
__C_specific_handler
strstr
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
longjmp
memset

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_beginthreadex
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
system
terminate
perror
_invalid_parameter_noinfo_noreturn
abort
_wassert
_errno

api-ms-win-crt-stdio-l1-1-0

__p__commode
fflush
fclose
fgetc
fwrite
_set_fmode
fputc
__stdio_common_vsscanf
_wfopen
__stdio_common_vsprintf
fgetpos
__stdio_common_vfprintf
fseek
__acrt_iob_func
ftell
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
fopen
_fseeki64
fread
fsetpos
ungetc
setvbuf

api-ms-win-crt-math-l1-1-0

cosf
fmodf
sinf
roundf
atan2f
sqrtf
atan
acosf
ceilf
_dsign
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtod
atof
strtoull
strtol
strtoll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
remove

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

_stricmp
tolower
strcmp
strncpy
strncmp

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 907KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77c03c663ab6e023c328c70fc7f84bde

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

gdi32

advapi32

shell32

msvcp140

d3dx11_43

ntdll

dbghelp

imm32

dwmapi

sentinal

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 907KB - Virtual size: 906KB

.rdata Size: 273KB - Virtual size: 272KB

.data Size: 18KB - Virtual size: 20KB

.pdata Size: 40KB - Virtual size: 39KB

.rsrc Size: 215KB - Virtual size: 214KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 907KB - Virtual size: 906KB

.rdata
Size: 273KB - Virtual size: 272KB

.data
Size: 18KB - Virtual size: 20KB

.pdata
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 215KB - Virtual size: 214KB

.reloc
Size: 4KB - Virtual size: 4KB