Artemis[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Artemis.exe
Size

1.2MB
MD5

6d6ac0135187d979f9a24d4960803cb4
SHA1

495a6825b9bff60866883791185e84e93f507d12
SHA256

62f05fd35bdb0bf22444a389b483b5fdd52a43cfa5dca80b097360a48128a03a
SHA512

977c5d4d806708d2aefc27c1a8b6c1412009cb4a8b0509ff516c0a2ff6ed0f5bc982ab0397fbbfc8627ed91010ac247d54b8f3c94258d1b80d3c226ee56f1fd9
SSDEEP

24576:Q+y83yX1PoUvcUMfPIOK2tOK02WokflCYH+7PK0lOnkh0lhSMXlb0niTXpw5KC55:Q+nWQUbMfPIneMllCYH+7PK0l6JwniK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Artemis.exe

Files

Artemis.exe
.exe windows:6 windows x64 arch:x64

6615b93b59db24e5d17db5c8e248bc3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

GetLastError
GetEnvironmentVariableA
Sleep
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
IsProcessorFeaturePresent
IsDebuggerPresent
Process32Next
CreateToolhelp32Snapshot
OpenProcess
LoadLibraryExA
GetStdHandle
SetConsoleTitleA
SetConsoleTextAttribute
WriteProcessMemory
Process32First
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
CreateEventA
WaitForSingleObject
GetModuleHandleW
SleepConditionVariableSRW
GetCurrentThreadId
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
TerminateProcess
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTimeAsFileTime
InitializeSListHead
GetTickCount
AcquireSRWLockExclusive
GetSystemDirectoryA
ReleaseSRWLockExclusive
GetConsoleWindow
VirtualProtectEx
CloseHandle

user32

GetWindowRect
GetSystemMetrics
SetClipboardData
DispatchMessageA
DestroyWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
SetProcessDPIAware
UnregisterClassA
GetClientRect
SetWindowLongW
SetCursor
SetCapture
BringWindowToTop
GetAsyncKeyState
MoveWindow
TranslateMessage
LoadIconA
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId
IsWindowVisible
PostThreadMessageA
SetWindowsHookExA
FindWindowA
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
SetLayeredWindowAttributes
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetFocus

gdi32

GetDeviceCaps
CreateSolidBrush

advapi32

CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Query_perf_counter
_Thrd_detach
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
__std_terminate
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
memmove
memchr
strrchr
strstr
memset
memcpy
strchr
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
free
_set_new_mode
calloc

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
__sys_nerr
__sys_errlist
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_c_exit
_initterm
_initterm_e
_exit
exit
__p___argv
__p___argc
_beginthreadex
system
_errno
terminate

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
_strdup
toupper
isblank
isalnum
tolower
isspace
strspn
strcmp
strpbrk
strcspn

api-ms-win-crt-stdio-l1-1-0

_fseeki64
_lseeki64
fputs
__stdio_common_vswprintf
feof
_close
_set_fmode
_fileno
_write
fopen
fgets
_read
ftell
_open
fputc
__stdio_common_vfprintf
__p__commode
__stdio_common_vsscanf
fread
__acrt_iob_func
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fclose
fseek

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
wcstombs
atoi
strtoul

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime
_localtime64

api-ms-win-crt-math-l1-1-0

_ldsign
_fdsign
ceilf
cosf
__setusermatherr
floorf
_fdopen
fmodf
sqrtf
sinf
_dsign
acosf

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64
_fstat64
_access

ws2_32

socket
htons
gethostname
ioctlsocket
WSAIoctl
setsockopt
WSACleanup
WSAStartup
getpeername
sendto
ntohs
WSAGetLastError
WSASetLastError
closesocket
WSAWaitForMultipleEvents
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
__WSAFDIsSet
connect
bind
accept
select
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent

wldap32

ord22
ord41
ord45
ord60
ord211
ord46
ord217
ord143
ord26
ord27
ord32
ord33
ord50
ord35
ord79
ord30
ord200
ord301

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

Sections

.text
Size: 887KB - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6615b93b59db24e5d17db5c8e248bc3e

Headers

DLL Characteristics

File Characteristics

Imports

winmm

d3d11

kernel32

user32

gdi32

advapi32

msvcp140

imm32

d3dcompiler_47

dwmapi

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

ws2_32

wldap32

normaliz

crypt32

Sections

.text Size: 887KB - Virtual size: 887KB

.rdata Size: 325KB - Virtual size: 325KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 42KB - Virtual size: 41KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 887KB - Virtual size: 887KB

.rdata
Size: 325KB - Virtual size: 325KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB