x2m[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x2m.exe
Size

2.3MB
MD5

a0f834815ffb30b8b8ad227cb600a660
SHA1

0d40ca641e393ec05b9a141ed2b5d13956313326
SHA256

dceaa6d0571cf12a182702ed74710f5abb01c51cc65758ee09b737f96c2faf83
SHA512

5accd8758a7b1ea654e24dc33aa1b5c125882fea290b00dd6694683b5a2759e5cb5f984adf0665aff8c18b9cd7f0abd314b908b62bc4932c80490d97f5736cc4
SSDEEP

49152:sVP2w3Zc6xNCXeqw3p8F7DAuXF8JaxYPPkpoK860C1Tu+GizqKElZRft/bqXq:sVP2w3Zc6xNCXeqw3p8BDAuXF8JaxYPH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
x2m.exe

Files

x2m.exe
.exe windows:4 windows x86 arch:x86

f58f8c68d3694a7a98e7b9852f5b5387

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceA
ReportEventA

comctl32

CreateStatusWindowA

gdi32

CreateCompatibleBitmap
CreateFontA
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileType
GetHandleInformation
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetVersion
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
MoveFileA
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA

msvcrt

___mb_cur_max_func
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_access
_amsg_exit
_beginthreadex
_cexit
_chmod
_close
_endthreadex
_errno
_exit
_fdopen
_fileno
_fstati64
_getch
_getpid
_initterm
_iob
_lock
_lseeki64
_memicmp
_mkdir
_onexit
_open
_open
_read
_setjmp3
_setmode
_snprintf
_snwprintf
_stat
_stati64
_strdup
_stricmp
_strnicmp
_strtoi64
_sys_nerr
_ultoa
_unlock
_vsnprintf
_vsnwprintf
_wfopen
_write
abort
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
gmtime
fseek
ftell
fwprintf
fwrite
getenv
isalnum
islower
isspace
isupper
isxdigit
localeconv
localtime
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
qsort
raise
realloc
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strpbrk
strspn
strstr
strtol
strtoul
time
tolower
vfprintf
vsprintf
wcscpy
wcslen
wcsstr

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

AppendMenuA
CreateWindowExA
DefWindowProcA
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDC
GetMessageA
GetProcessWindowStation
GetSystemMenu
GetSystemMetrics
GetUserObjectInformationW
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
LoadCursorA
LoadIconA
MessageBoxA
MessageBoxW
PeekMessageW
PostMessageA
PostQuitMessage
PostThreadMessageA
RegisterClassExA
ReleaseDC
SendMessageA
SetFocus
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getservbyname
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f58f8c68d3694a7a98e7b9852f5b5387

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

ole32

shell32

user32

ws2_32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 36KB - Virtual size: 36KB

.rdata Size: 418KB - Virtual size: 418KB

/4 Size: 283KB - Virtual size: 283KB

.bss Size: - Virtual size: 15KB

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 36KB - Virtual size: 36KB

.rdata
Size: 418KB - Virtual size: 418KB

/4
Size: 283KB - Virtual size: 283KB

.bss
Size: - Virtual size: 15KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 24KB - Virtual size: 24KB