64[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

64.exe
Size

998KB
MD5

43f0b9f0058030153d6114309d953fb3
SHA1

cd093efca6d56f51a28b6b32d0c492aa655671ae
SHA256

cf30c55ec1f1083d8cc3fb4204e29ec50b39788a3c7c561d8d0ab2a9cba86336
SHA512

3009e1054373b876f5542d84c784a50440c69c1555182cc405b1e9395e0b928f26ad408cb627eb8f0b663ad124f979b6677a89b5eb73d04a13c981a5e93106e0
SSDEEP

12288:fEUEK/alBxScnB04n9Cf8gzLRrtB25JsGW2EEYGVp3Am:OK/alBxFB0FUgzLRrtUJFW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64.exe

Files

64.exe
.exe windows:5 windows x64 arch:x64

e84d11c378c8e8f83080cc0f510539d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
lstrlenA
MultiByteToWideChar
GetFileSize
CreateFileA
GetPrivateProfileStringW
CopyFileW
GetTempPathW
lstrlenW
lstrcmpiW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
lstrcpyW
lstrcpyA
FlushViewOfFile
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
WriteFile
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
Sleep
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapFree
ReadFile
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
AreFileApisANSI
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
CompareStringW
WriteConsoleW
SetStdHandle
LCMapStringW
GetStringTypeW
GetConsoleMode
GetConsoleCP
LocalAlloc
LocalFree
GetCommandLineW
ExitProcess
OpenEventW
SetEvent
HeapDestroy
CloseHandle
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
ExitThread
CreateThread
GetCommandLineA
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSetInformation
GetVersion
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
GetTimeZoneInformation
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA

user32

wsprintfW

shell32

SHGetKnownFolderPath
CommandLineToArgvW

shlwapi

StrCmpNIW
StrStrIW

ole32

StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemFree

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueW

crypt32

CryptStringToBinaryA
CryptUnprotectData

wlanapi

WlanGetProfileList
WlanEnumInterfaces
WlanOpenHandle
WlanGetProfile
WlanCloseHandle

Sections

.text
Size: 849KB - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e84d11c378c8e8f83080cc0f510539d2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

ole32

advapi32

crypt32

wlanapi

Sections

.text Size: 849KB - Virtual size: 849KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 43KB - Virtual size: 68KB

.pdata Size: 25KB - Virtual size: 25KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 849KB - Virtual size: 849KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 43KB - Virtual size: 68KB

.pdata
Size: 25KB - Virtual size: 25KB

.reloc
Size: 7KB - Virtual size: 6KB