kernel build[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

kernel build.exe
Size

2.2MB
MD5

104fc07c6d73427cc3f063109d41a13e
SHA1

778ed25b7785cfec80a8bc64e87c134ffe53acc2
SHA256

9eec449db58eeff771d5bf5366e3b9256698c85839c0e9715cfb17a0894b82cc
SHA512

63bb84de6ec2bb04d0c2d4ab557bd8b07129ed3536805c426e64cc63f2c34974228c4591e5a600a03b895527c73ab49223a34dfad3e52e1fdf5755f2b0d60512
SSDEEP

49152:LId8/1NjDjDjDAHib5/qXNYgG5Yga0yTi2FAq3F9msLm:LvwCbtqdW92F5F9Rm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
kernel build.exe

Files

kernel build.exe
.exe windows:6 windows x64 arch:x64

53aad05e09740fa99c7b917cb1b9cfdd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\carson\Desktop\v2\new new v2\New folder\kernel build.pdb

Imports

winmm

PlaySoundA

kernel32

GetCurrentProcess
Process32First
CreateToolhelp32Snapshot
CreateFileA
Process32Next
lstrcmpiA
TerminateThread
MultiByteToWideChar
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetFileSizeEx
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetConsoleWindow
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
FormatMessageA
LoadLibraryA
GetLocaleInfoEx
CreateDirectoryW
FindClose
GetProcAddress
LoadLibraryExA
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
VirtualAlloc
DeviceIoControl
VirtualFree
CloseHandle
Sleep
GetModuleHandleA
CreateFileW
SetConsoleTitleA
ReadFile
IsDebuggerPresent
ReleaseSRWLockExclusive

user32

GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
GetMessageExtraInfo
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
LoadIconA
SendMessageA
EnumWindows
MoveWindow
MessageBoxA
IsWindowUnicode
ReleaseCapture
SetCursorPos
DispatchMessageA
LoadCursorA
DestroyWindow
MonitorFromWindow
GetSystemMetrics
SetWindowLongA
SetWindowDisplayAffinity
GetMonitorInfoA
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
GetWindowTextA
ClipCursor
GetAsyncKeyState
ScreenToClient
GetForegroundWindow
ShowWindow
UpdateWindow
RegisterClassExA
PostQuitMessage
UnregisterClassA
PeekMessageA
FindWindowA
GetWindowRect
SendInput

gdi32

CreateSolidBrush

advapi32

RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathW
ShellExecuteA

msvcp140

??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Thrd_detach
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Mtx_lock
_Mtx_unlock
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?id@?$ctype@D@std@@2V0locale@2@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Strcoll

ntdll

RtlVirtualUnwind
RtlInitAnsiString
RtlLookupFunctionEntry
RtlCaptureContext
RtlAnsiStringToUnicodeString
NtQuerySystemInformation

dbghelp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
__current_exception
__current_exception_context
__intrinsic_setjmp
_CxxThrowException
memmove
memcpy
memchr
strrchr
strchr
__C_specific_handler
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
longjmp
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fputc
__stdio_common_vsscanf
_wfopen
fgetc
fgetpos
ftell
ferror
_set_fmode
fopen
__acrt_iob_func
fflush
fclose
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
clearerr
setvbuf
fread
feof
_lseek
fwrite
_fileno
_open
fgets
_write
_close
_setmode
__stdio_common_vfprintf
fseek
_read
__p__commode

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

perror
terminate
_beginthreadex
system
_invalid_parameter_noinfo_noreturn
abort
_register_thread_local_exe_atexit_callback
exit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_c_exit
__p___argc
__p___argv

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-string-l1-1-0

strncmp
strncpy
tolower
_stricmp
strcmp

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_mkdir
_lock_file

api-ms-win-crt-convert-l1-1-0

strtol
strtoll
strtod
strtoull
atof

api-ms-win-crt-math-l1-1-0

fmodf
cosf
ceilf
atan2f
roundf
_dsign
powf
sinf
acosf
sqrtf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
_configthreadlocale

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1013KB - Virtual size: 1021KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53aad05e09740fa99c7b917cb1b9cfdd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

wininet

d3d11

d3dx11_43

d3dcompiler_43

dwmapi

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 885KB - Virtual size: 885KB

.rdata Size: 263KB - Virtual size: 262KB

.data Size: 1013KB - Virtual size: 1021KB

.pdata Size: 34KB - Virtual size: 34KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 885KB - Virtual size: 885KB

.rdata
Size: 263KB - Virtual size: 262KB

.data
Size: 1013KB - Virtual size: 1021KB

.pdata
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 4KB