expand[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

expand.exe
Size

81KB
MD5

a2c2de2281cd061343fc760d14697b21
SHA1

ea578fee304fdcf4645d32394e9ba78b1900d6f3
SHA256

af0f84fb60067e908ebe8fe702d2fa39d2fef88b5eb0c9fc94ba78787a112224
SHA512

12eada52988115f815301af2bd7b77b0a61807b26e46981f230b7406c9888354e47e73a9626f0509c51f4cb7aa4c8f61aff9b86282eeeaeae37193c2cf0016e1
SSDEEP

384:IhgPlHFpoaEq7qPz1xYPoCvdDT2WIgZLxeE+MDL9r5qdl/tQKCzwQB0HOdlzpga:Ih8lPqPzwRTPIgxsEJ8iKCz90qpz

Score

1^/10

Malware Config

Signatures

Files

expand.exe
.exe windows x64

6284aaa3e42782059c1ee0ae59295abe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CopyFileA
GetExpandedNameA
GetFullPathNameA
GetStdHandle
LZClose
LZCopy
LZOpenFileA
WriteFile
lstrcmpA
lstrcmpiA

setupapi

SetupGetFileCompressionInfoExA
SetupIterateCabinetA

ucrtbase

__p___argc
__p___argv
__stdio_common_vsprintf
_configure_narrow_argv
_get_initial_narrow_environment
_initialize_narrow_environment
_set_app_type
exit
strcat
strcpy

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 4KB - Virtual size: 462B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6284aaa3e42782059c1ee0ae59295abe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

setupapi

ucrtbase

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 416B

.pdata Size: 4KB - Virtual size: 84B

.xdata Size: 4KB - Virtual size: 76B

.idata Size: 4KB - Virtual size: 1004B

/4 Size: 4KB - Virtual size: 160B

/19 Size: 20KB - Virtual size: 18KB

/31 Size: 4KB - Virtual size: 1KB

/45 Size: 4KB - Virtual size: 1KB

/57 Size: 4KB - Virtual size: 576B

/70 Size: 4KB - Virtual size: 462B

/81 Size: 4KB - Virtual size: 2KB

/92 Size: 4KB - Virtual size: 240B

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 416B

.pdata
Size: 4KB - Virtual size: 84B

.xdata
Size: 4KB - Virtual size: 76B

.idata
Size: 4KB - Virtual size: 1004B

/4
Size: 4KB - Virtual size: 160B

/19
Size: 20KB - Virtual size: 18KB

/31
Size: 4KB - Virtual size: 1KB

/45
Size: 4KB - Virtual size: 1KB

/57
Size: 4KB - Virtual size: 576B

/70
Size: 4KB - Virtual size: 462B

/81
Size: 4KB - Virtual size: 2KB

/92
Size: 4KB - Virtual size: 240B