test_payload_x64[.]exe | Triage

Sharing

General

Target

test_payload_x64.exe
Size

5KB
MD5

13e7eae6e5bd625e6b2a814a583f3d4c
SHA1

c0645d3761883c8e72a66f94e29667dd4ef0b3df
SHA256

b63a6be1c9592cb6129808a9f9aa08f0248389f47d49c9b61d1629e0ee519191
SHA512

adf017b941cf7bf2d74e3823538df58f6efbbb4eb4e42550b455414667e3076ddce294164c5b92ad51f55faf8cde7a391d18ef2987c80153e408e021044ea218
SSDEEP

96:VONYuAwR24IB4bZa3lzzO3N1dFdPNys1+Ho:/uFRauZ4OTes1+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test_payload_x64.exe

Files

test_payload_x64.exe
.exe windows x64

c4541c89cc0d58c0b35b5b9481d66f18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_stricmp
printf
memset

kernel32

GetProcAddress
LocalFree
CloseHandle
LoadLibraryA
GetLastError
SetConsoleCtrlHandler
OpenProcess
ResumeThread
GetSystemDirectoryW
LocalAlloc
GetCurrentProcess

advapi32

DuplicateTokenEx
AdjustTokenPrivileges
RevertToSelf
ConvertSidToStringSidA
SetTokenInformation
LookupPrivilegeValueA
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserW
GetTokenInformation

psapi

EnumProcesses

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ