ceshi[.]exe | Triage

General

Target

ceshi.exe
Size

144KB
MD5

25214ee067e1480fa57f0ffd143ebb03
SHA1

799662eb1072181e2d816005b6b105650b605075
SHA256

523461b6e1b7beb0ea5596ecf7e4455c3b5930e4280db607cc19a73c88a11a58
SHA512

b21fec05a374780654d855a13be8ecd17869afa1f31b4e843730fdbd683484e17a09d0409903e94c5449303b484a0ad238b8f60a3c49e2d845dfe55e56e69fcb
SSDEEP

1536:BwL42hI3IetDA3F39dOPD4IyuKUc7H8LiYHOv3YHV2m9zrPW4B5:BwL4mOIet+uPNyOLiQC3YE0zrPLB5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceshi.exe

Files

ceshi.exe
.exe windows x86

4eac46eb01c65a7e209bb87f15f9e46d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
HeapFree
GetProcessHeap
VirtualFree
FreeLibrary
HeapAlloc
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
CloseHandle
CreateFileA
WriteFile
ReadFile
GetFileSize
RtlUnwind
RaiseException
GetLastError
HeapReAlloc
GetCommandLineA
GetVersionExA
GetStartupInfoA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
SetConsoleCtrlHandler
InterlockedExchange
HeapSize
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalAlloc
LocalFree

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4eac46eb01c65a7e209bb87f15f9e46d

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB