conceal[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

conceal.exe
Size

1.5MB
MD5

b1bbfa5d7e50f66e378ad094cfbdd3c3
SHA1

b03d5a9487e4a3e0b4b14fdfaf7778f400934558
SHA256

7e38f2cb86970ccfdf94aefa18e105cb2d53ad15a70a94ff5ba1f58fe2303b24
SHA512

bd2fa2a10115c9d88f455493f2d99c9395106cef7f5e4bf47e4071b93159c92f22a4dc32254db83bb99444e181686a7e76540795c2c6b3fe69d0c708f1ff9716
SSDEEP

49152:chpmyPaxSIvQ7DE0dIzjx/Rcu5bmoI0/20e:m55dIzjx/Rcu5bmoI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
conceal.exe

Files

conceal.exe
.exe windows:6 windows x64 arch:x64

Password: 2

c63536ddc9e7135144f115967fca6a7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\night\Documents\remakes\yuki-v2\yuki\build\gloom.pdb

Imports

kernel32

SetLastError
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetSystemDirectoryW
LoadLibraryW
SleepEx
GetSystemInfo
GetTickCount
MoveFileExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CreateFileMappingW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
VirtualProtect
VerifyVersionInfoW
GetFileSizeEx
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetFileInformationByHandleEx
OutputDebugStringW
TerminateThread
lstrcmpiA
CloseHandle
Process32Next
CreateFileA
CreateToolhelp32Snapshot
CreateFileW
GetCurrentProcess
SetConsoleTitleA
Process32First
GetCurrentProcessId
CreateThread
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
LoadLibraryExA
VirtualAlloc
DeviceIoControl
VirtualFree
AddVectoredExceptionHandler
GetLastError
QueryFullProcessImageNameW
QueryPerformanceCounter
FreeLibrary
WaitForMultipleObjects
VerSetConditionMask
GlobalFindAtomA
GetConsoleWindow
Sleep
GetModuleHandleA

user32

DefWindowProcW
SendInput
ReleaseCapture
SetWindowPos
GetSystemMetrics
GetAsyncKeyState
ScreenToClient
ShowWindow
FindWindowA
MoveWindow
GetForegroundWindow
MessageBoxA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
DispatchMessageA
SetCursorPos
IsWindowUnicode
SetProcessDPIAware
GetCursorPos
SetCursor
GetKeyboardLayout
TrackMouseEvent
ClientToScreen
GetCapture
MonitorFromWindow
GetMessageExtraInfo
GetKeyState
LoadCursorA
DefWindowProcA
GetMonitorInfoA
SetWindowDisplayAffinity
GetWindowRect
UpdateWindow
RegisterClassExA
PostQuitMessage
UnregisterClassA
SetWindowLongA
PeekMessageA
LoadIconA
SetCapture
DestroyWindow
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
GetClientRect
OpenClipboard

gdi32

CreateSolidBrush

advapi32

RegSetValueExA
CryptImportKey
CryptDestroyKey
SystemFunction036
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
ConvertSidToStringSidA
CopySid
SetSecurityInfo
RegCreateKeyExA
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptEncrypt
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathW
ShellExecuteA

msvcp140

_Thrd_detach
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
_Xtime_get_ticks
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??Bios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
_Mtx_unlock
_Query_perf_counter
_Mtx_lock
?_Random_device@std@@YAIXZ
_Query_perf_frequency
_Thrd_join
_Thrd_id
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

ntdll

RtlVirtualUnwind
RtlInitAnsiString
RtlCaptureContext
RtlLookupFunctionEntry
RtlAnsiStringToUnicodeString
NtQuerySystemInformation

dbghelp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

shlwapi

PathFindFileNameW

psapi

GetModuleInformation

userenv

UnloadUserProfile

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

wcschr
strrchr
memset
__current_exception
__current_exception_context
memmove
strstr
memcpy
strchr
memcmp
__std_exception_destroy
__std_exception_copy
__std_terminate
memchr
_CxxThrowException
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

_close
_wopen
_write
fgets
_open
fputs
_fileno
fwrite
_lseeki64
fseek
_set_fmode
_lseek
__p__commode
_read
_popen
_pclose
feof
fread
clearerr
fputc
_setmode
fgetc
__stdio_common_vsscanf
_wfopen
fclose
ferror
ftell
__stdio_common_vfprintf
__stdio_common_vsprintf
fopen
fgetpos
_get_stream_buffer_pointers
fflush
_fseeki64
fsetpos
ungetc
setvbuf
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

system
terminate
_invalid_parameter_noinfo_noreturn
_beginthreadex
exit
__sys_errlist
__sys_nerr
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
abort
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo
_resetstkoflw
_errno

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
_set_new_mode
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
sinf
sin
_fdopen
fmodf
cosf
_dclass
ceilf
sqrtf
_dsign
acosf

api-ms-win-crt-convert-l1-1-0

wcstombs
strtol
atoi
strtoll
strtod
atof
strtoul
strtoull

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_fstat64
_wstat64
_unlink
_unlock_file
_mkdir

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-string-l1-1-0

_strdup
wcsncpy
strncpy
strncmp
tolower
_wcsdup
_stricmp
strcspn
wcspbrk
strspn
strcmp
strpbrk
wcsncmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64
_gmtime64

ws2_32

setsockopt
socket
htons
WSAIoctl
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
getsockname
freeaddrinfo
getpeername
connect
recvfrom
sendto
bind
WSACleanup
WSAStartup
ioctlsocket
inet_ntop
WSASetLastError
gethostname
recv
ntohs
inet_pton
WSAGetLastError
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertOpenStore

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 1017KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2

c63536ddc9e7135144f115967fca6a7e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

d3d11

imm32

d3dcompiler_43

dwmapi

shlwapi

psapi

userenv

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 1017KB - Virtual size: 1017KB

.rdata Size: 258KB - Virtual size: 258KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 36KB - Virtual size: 36KB

.rsrc Size: 262KB - Virtual size: 261KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 1017KB - Virtual size: 1017KB

.rdata
Size: 258KB - Virtual size: 258KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 262KB - Virtual size: 261KB

.reloc
Size: 3KB - Virtual size: 3KB