x0r[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x0r.exe
Size

14KB
MD5

53ff7c941606b2926df6c40936357308
SHA1

95adfbe21b80765b803f1c872d199d513f64aa60
SHA256

13e84fcb7c9ab764e4a27d26f24693837782ec3bbfa410708dddad5f8a46320c
SHA512

787d7f8c6459487c3d2d65c126e08c44f7582ca436a5f9fb6c45d583664145236ab1ff68293d5f65155ffc8c616c8d296cf021fc752cfe097450d1dd729e44d4
SSDEEP

192:1XEhLBoMFfRS+BRT6oReVWiGomse1zw/TwZLTnYuXCpuutyP8X:1XEhLBFfRzROVWiGhzwMxLYuXCpgy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
x0r.exe

Files

x0r.exe
.exe windows x86

493fadfe59ec1ccb667d3415d5357692

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
LoadLibraryA
lstrlenA
GetCurrentProcess
GetProcAddress
lstrcmpiA
CloseHandle

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE