TTQ_RUN[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TTQ_RUN.exe
Size

422KB
MD5

37ff3dc109e4ec54d3342e6bbb016a2b
SHA1

1f20e6cc9e17d00b171a3a4a805ad2a1ad79118f
SHA256

8514ebf0c729bb60c668a79c41d63d14cea56ce67bdbf568a345520a027dee5d
SHA512

1109e852f52e3b6e29a13346b7cf74ff8a0ab9ec0cbef372a0b526467dd157cbb087cb6b6e6d0cebd62b66709b4293ed2c90458fb62672e53d9a019001c712ff
SSDEEP

12288:P2JqnIO05081AU/0yxOOTnO1OzCmdGaC0N:OQIOcP6yxOOTBCHA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TTQ_RUN.exe

Files

TTQ_RUN.exe
.exe windows x64

5d5ba55403e937caf3078fdcd0e9c643

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

version

VerQueryValueW

winmm

timeGetTime

comctl32

ImageList_Remove

mpr

WNetGetConnectionW

wininet

FtpOpenFileW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho

userenv

LoadUserProfileW

uxtheme

IsThemeActive

user32

GetDC

gdi32

LineTo

comdlg32

GetSaveFileNameW

advapi32

GetAce

shell32

DragFinish

ole32

CoGetObject

oleaut32

VariantChangeType

Sections

.MPRESS1
Size: 392KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE