file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

6.2MB
MD5

c39956a75f5796cfb82ab42dfe503920
SHA1

0e01eac695641e06e1d71aff1eab7db9192e3b09
SHA256

6077006507c8ccc3461cf85493c75bb77efb973387666f1e3e25ca07801ff481
SHA512

23d771106b6919143970f4df84bbc78c695874a6e0042b589f463665cd1a9bdabc8c559e1e1b009e7613b082d26eedf90aa49ded40ab41be93983d411ae35bbc
SSDEEP

196608:b/YxKYm6oIFZNNfag517FiJxXkmx4jyVMBc:b/hfmZNJqbkc48MBc

Score

N/A

Malware Config

Signatures

Files

file.exe
.exe windows x86

9b38d7040ba61a21f22704eba3403a2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowRect
CharUpperBuffW

gdi32

CreateCompatibleBitmap

advapi32

CredEnumerateA

shell32

SHGetFolderPathA

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

crypt32

CryptStringToBinaryA

gdiplus

GdipGetImageEncoders

setupapi

SetupDiGetClassDevsA

vcruntime140

memcmp

api-ms-win-crt-string-l1-1-0

_strnicmp

api-ms-win-crt-runtime-l1-1-0

_beginthreadex

api-ms-win-crt-stdio-l1-1-0

ferror

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

atoll

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_ctime64

api-ms-win-crt-math-l1-1-0

_dclass

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b38d7040ba61a21f22704eba3403a2d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

crypt32

gdiplus

setupapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 106KB

.data Size: - Virtual size: 9KB

.text0 Size: - Virtual size: 3.2MB

.text1 Size: 2KB - Virtual size: 2KB

.text2 Size: 6.2MB - Virtual size: 6.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 106KB

.data
Size: - Virtual size: 9KB

.text0
Size: - Virtual size: 3.2MB

.text1
Size: 2KB - Virtual size: 2KB

.text2
Size: 6.2MB - Virtual size: 6.2MB

.rsrc
Size: 1KB - Virtual size: 1KB