easy_Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712[.]exe | Triage

Sharing

General

Target

easy_Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712.exe
Size

24KB
MD5

9d9e96b325a14cf60cabc5f90e528612
SHA1

27da7f8bec163ced6331588663230337d8f506bd
SHA256

fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712
SHA512

ed7fd3c640d185518d1e57c28659d5b35ea40def5969fa5ad148424e8e984d976afeaedcf412f1b52da811e566749572a900be9135e2f61e44245f9079bd3e7e
SSDEEP

768:2WKXO/T8K4czrAThWjjDeZA9vvceZpYtQVz:2N6T4GXnz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
easy_Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712.exe

Files

easy_Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712.exe
.exe windows x86

4e6decb510aa68eb0e2af11a93cb6102

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
ExAllocatePoolWithQuotaTag
IoCreateSymbolicLink
RtlInitUnicodeString
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
KeSetPriorityThread
KeGetCurrentThread
KeReleaseSemaphore
ExAllocatePoolWithTag
RtlTimeToTimeFields
KeQuerySystemTime
strchr
ExSystemTimeToLocalTime
ZwReadFile
_stricmp
ZwWriteFile
ZwQueryInformationFile
ZwCreateFile
ZwSetInformationFile
RtlQueryRegistryValues
RtlWriteRegistryValue
RtlUnwind

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 501B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ