hersey[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hersey.exe
Size

144KB
MD5

89a58278221137e8a292167c768ed202
SHA1

56985ed63c0611ffbf0944537c12cec42ce4ac44
SHA256

8637add51ec34c256845fe84477ce6c7a773b8267075eb07a1065ef0fd371cd7
SHA512

eb1623114a976da6838af665e3f21a1a4cb2b5aff244ef6ac0453d9fceea55f1712d134e0e5cb3b34afcb8ac9c05ccf460b4a7ec817c0d9ebfb697069b113ebd
SSDEEP

3072:7w9DeqoLvWt/cIolZ2nM352PdzKv97wnSrIgovz9icQ5e3WHuvcjUgvH:7net/sZ2I5iKEpicRGQcjUgvH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hersey.exe

Files

hersey.exe
.exe windows x86

14e4d3db77446f84c5c76d07f46b727d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
BuildExplicitAccessWithNameA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetEntriesInAclA
SetKernelObjectSecurity
SetNamedSecurityInfoA

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FreeConsole
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemPowerStatus
GetTickCount
GetVersion
GetVersionExA
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
Module32First
Module32Next
MoveFileExA
OpenMutexA
OpenProcess
Process32First
Process32Next
ReadFile
ReleaseMutex
ReleaseSemaphore
SetFileAttributesA
SetFileTime
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile
lstrcmpiA
lstrlenA

msvcrt

_itoa
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_getpid
_iob
_onexit
_setmode
_snprintf
abort
atexit
atoi
calloc
clock
fclose
fopen
fputc
fputs
free
fwrite
getenv
localtime
malloc
memcmp
memcpy
rand
realloc
signal
sprintf
srand
strcat
strchr
strcmp
strcpy
strftime
strstr
strtok
system
time
vfprintf

shell32

ShellExecuteA

user32

CloseClipboard
CreateWindowExA
DefWindowProcA
DispatchMessageA
EmptyClipboard
EnableWindow
FindWindowA
FindWindowExA
FindWindowExW
GetLastInputInfo
GetMessageA
GetSystemMetrics
GetWindowThreadProcessId
IsWindowVisible
OpenClipboard
PostMessageA
RegisterClassExA
RegisterWindowMessageA
SetClipboardData
ShowWindow
TranslateMessage

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

ws2_32

closesocket
gethostbyname

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 363KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

14e4d3db77446f84c5c76d07f46b727d

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

wininet

ws2_32

Sections

.text Size: 102KB - Virtual size: 101KB

.data Size: 20KB - Virtual size: 20KB

.rdata Size: 13KB - Virtual size: 13KB

.eh_fram Size: 1024B - Virtual size: 992B

.bss Size: - Virtual size: 363KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.text
Size: 102KB - Virtual size: 101KB

.data
Size: 20KB - Virtual size: 20KB

.rdata
Size: 13KB - Virtual size: 13KB

.eh_fram
Size: 1024B - Virtual size: 992B

.bss
Size: - Virtual size: 363KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B