VixenCleaner[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

VixenCleaner.exe
Size

5.0MB
MD5

f896695ef615c4d5e09df4ccaa2984b5
SHA1

8f3517b2ecdf56d7372e7e89b35be6ee096f5292
SHA256

7ad75a6780417178b6026fe7f18a38dcb455e60d0f09391bbb9de6d9487c0526
SHA512

1aeb0b8f24354bce29df0855cd92456af1245f011918551ea383b2a9a1e0cd5add583b06fe541de771fd2507188e23446e022c0054187b20882e7c5393990516
SSDEEP

98304:Yxt16Pb/JC9apF5i6QzMffuhWMrd4wg4R6qVUlYL5jGTUp4c4gU:Yz8D/g9vzwfuo+2wz7VjGAp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

VixenCleaner.exe

resource
VixenCleaner.exe

Files

VixenCleaner.exe
.exe windows:6 windows x64 arch:x64

9cce13405448de0c69c4a82a5d3b2aad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

ShellExecuteA

shlwapi

SHDeleteKeyW

kernel32

GetLastError
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegEnumKeyExW

ole32

CoCreateInstance

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

iphlpapi

GetAdaptersInfo

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-runtime-l1-1-0

system

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

ceilf

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

��jo�\��YO�xV�*�{��е��F40�A��m�0qM��W�؎��c�ɊT/%��3�mx��+u��s�@��^H��m<[&��2�<�7��Lf��j�QV�|�>�Šf��1`V�~�>>(�w�2�w��?VE-ĉ^bK|��5��XS ;��\ٗ��I"�n�<��{��X+f��,�� <�;�k�@��~�7)�p�,��@��\yz%�<�f�zTH��E�&��RЪ��T�\��e��$b�)��3��CFL��5�C��nxXG�m3�t�_q8'�4��f@�� -��7�j#yl��2��ۨ,s�FgB�΍��l�k��-�a�r@�Bnb��^!D��Df3��D��I Y��^��P�w��Q�qҺ{G��e��Ts��h��ƃ5�a�n�N�7�{�%]�y�B�v`=��2Mfs�/�s�ƪ�Ռ�.{顧��c��u��5�^��!�3e� m �&�ҡ� �[��N �n��Nh~H_<wc@%;RF �5�,��k�#\-��G�X�@��~h$�2怜��%��+��Yn&�y�W-��r68sI��j��{��M�V8��^T"�^�*jc c=�w�-ӟ�(��gޒb��`��8``ҙ��A;ȋ<I��%ee��cb�07�Bq�X��= >p*�e��7�RC��}tZ! ��;�c��~��Er�LrV��Ggۤ7߆��\7.��!+;V�I�Mp�(i�0�86��ՂVH'j�9�ճ�>��Cp��V��Z�X��g�"d�{q(�x�V.x�a�,�<,׳ƈB��Z��{,a��nE��GW��p6e�q�ou;��51��z&ᧅ��/�/��^��j](�/��M۾L��m�/�\�� Q�Ve5��C�p��c�Z�@g �-�;o�f��U+�d��B�d��(S�� gu8�xџ�a{U6Sg��y$�x��lQr�*{��գ�9��ل+��\j��k�p��U ��T��o[jL��D�5�]�RY��8ɧ"Q�Ux��"R��!1d,}an��B�]��¬f��{�_\��H��i�=� C�>TSع ��}U��GJV�A��N�r��fH�,��we�c� >E��ʸ?h��vL}�R��0ݸ�� g�� ʮv�.y� _�u��!e'��*C��.@\0��h�� }��h��KDv-o��yl��%$��B�qc�rF�CVzA.�u<�A�]�&�x��ݗ��b�,N+عTe��;yr�7��RzL��^^Z%5f�آ17x�-�Y��t��RqW��}��`��F�d�Z�X��&藠��>�~)��4��"od�:v��I�s�϶ ��P��w��Luf�: �z��_q�?Y�+�W�R�H�7�Ö��CJXiU �<��_��M v.(�c)�X�f�Y��z��fխ�)�H��@��ä,G�}S ��9��BHO��'kn��&˛=rT~Y m֝��yq�[�X�*`��0�8��@�I��*y�Ȝ}��'K]YA�,5�0;��0�5z�d��D�$�[sa=�N-�^��L��g�ҌYz|�mw �h��B-�nLӣ�c��Ϟ��v��oR/ȅ�[g��h5P%�Q;�}��ŭSZ ��s�p`a0�0$��w�c�Ȑ��?1� K֧��m��X#-�$��Q�e�'mCC�D�k�8�.��XHD�vyU��7;�$�;p|9�!��U��ҋo'��ֱS�ixҝ��#�a�m73�Ч��ܤL��2!">�QߔGJ��k�e�..A+=)�G�\%�L1V,��ˬT��Z�d,V��i�N��B�o��Q��W�NAy�Ȥ�r��~��0�|@��qP]��i��S� ��IH� Mj9��7 .b��'LFٞ��Jߪ��7(��Χ�Y^+փ�%b� ��>dW��̼�E$��tU��惏�8W��9��&>K��+�Z�k�v�Eme�c8A҃.�T=�%�ɡs(�r9�5�ʢ_�5�Ę��=��t��D��j��;��(ڻ�̾�h��icu`� ��f�M)� 7�P��!�2�� <묭��v��+��)}r��[�t��x?��`ŧ��5�֜٦ci�*$��u��7f":�輗rU܄��y��ZhAz�9�R!h*��aJ:��9Z�jh�N��h��B��%�Vx9�m�M�}N��ڰ�H֕I��~��7�}Mb��X!�jB�լD��i�Q�B�n*��K'��C�)3"�t�2eڭ�z��v��F'��M��K�آ�#��o��<^�4�ui�(��RE�KD5�j�mZ�Ҿi�/Z��۲]��s��Z/1��+N>RՐ:f��^�o��¡W�P��S��+�s��-.�m��D��5 ��GQ�O-O�m-`�:Eb��x!�>R��Y)h�U�ms��S}��kf�Q|�_��O?�^��~��Aʽ��cm^EnqWSx�N��b��x�N�.�=�hY;�C�I>�\BA�F|�N��H�l�+_ ��~ @��m��<��Z�_��!�>1��&Z��v��Dщht��sk�#{?��d?�� W��8�&�)��gRY�wc�Ʋ�%�_�:��I@��`��Fkc��<z��%��~$�jp�^X��]��O�qA��~RD!3 `^x�L��f�"��Ш P��Ԣ�� sl&��L'��N��r>c�1!�b垐��!��u�:=�x��ć��P��7�YT��!践�-��\u��3��Q�;y՗�k�9�~�zQiL׿5&��v�-z��k,)�p �`��J[Ny�

Sections

.text
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vixen0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vixen1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cce13405448de0c69c4a82a5d3b2aad

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

kernel32

advapi32

ole32

msvcp140

iphlpapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 188KB

.rdata Size: - Virtual size: 31KB

.data Size: - Virtual size: 170KB

.pdata Size: - Virtual size: 2KB

.vixen0 Size: - Virtual size: 3.2MB

.vixen1 Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 188KB

.rdata
Size: - Virtual size: 31KB

.data
Size: - Virtual size: 170KB

.pdata
Size: - Virtual size: 2KB

.vixen0
Size: - Virtual size: 3.2MB

.vixen1
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 512B - Virtual size: 480B