conspiracy[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

conspiracy.exe
Size

4.9MB
MD5

b7219857e8e1305def7a814ad27f5fb5
SHA1

b41ee7cf66e7cfbc19764c1ca5bbddcc6141e0bb
SHA256

c3d568da2c0055824bfc629de90970014fe15164693f7acc478dc7e06891516f
SHA512

fa35a119b73e9fba4dad22966f5a13ae5486931c1f1559ec7e0e4fbf4523d5b463407c7058254fdc5160352cd668bf3ae55dbb352a1276704233d5e313dcd9fd
SSDEEP

98304:sns9/Q1iGYfrDmf3lDe6s+ZDJeea1TPj5TicSaONd7pPka0gR:CcMVCvIl5DJennSF/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
conspiracy.exe

Files

conspiracy.exe
.exe windows:6 windows x64 arch:x64

0fc5c1d21aadbda444db1620a3f6dbff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

user32

DefWindowProcA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ControlService

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nigga0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nigga1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ