Defrag[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Defrag.exe
Size

205KB
MD5

e2601e315e9a9837279a23963f5819b0
SHA1

5bb7fdaf33e556323a1152d36b0f9159cc53d291
SHA256

7a18dbbe6ca138389424a7b2c0135ba4a7541c33e0443227f3cf505b58b52a85
SHA512

66d899eb1f20df9096b10ee889512e7bfb51114665e7004d41d31ae89253b8972c2947deab71e5e20ba3bb8cd70f7f97b798b54b59642f26dcf1381ab0fcf052
SSDEEP

3072:naQNgDUs61d6lzUVRmy3kJKk/VUphUuyib4C6c5Q3eSjlR+8qxLijgJyfFOG83Yc:aubs7qg+Wuc3lRGOUZGKc4YFnwjCpW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Defrag.exe

Files

Defrag.exe
.exe windows x64

9233d07ce8b477a0de3511c3b6b4b24d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memmove
_unlock
_lock
wprintf
_onexit
_commode
_fmode
?terminate@@YAXXZ
_initterm
__setusermatherr
_cexit
_exit
memcpy
wcschr
exit
_vscwprintf
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
iswspace
mbtowc
localeconv
_wsetlocale
_vsnwprintf
swscanf_s
_wcsicmp
__C_specific_handler
__dllonexit
memset

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
GetVolumeInformationW
DeleteFileW
CreateFileW
GetVolumePathNameW
FindFirstFileW
FindNextFileW
FindClose

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
GetConsoleOutputCP

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateGuid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetTickCount64
GetTickCount

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
ResetEvent
InitializeCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
LoadStringW
FreeLibrary

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureStackBackTrace

ntdll

RtlGetPersistedStateLocation
RtlGetLastNtStatus
RtlSetThreadErrorMode
RtlNtStatusToDosError
EtwTraceMessage
RtlFreeHeap
RtlAllocateHeap

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

sxshared

SxTracerGetThreadContextRetail
SxTracerDebuggerBreak
SxTracerShouldTrackFailure

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW
StartTraceW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9233d07ce8b477a0de3511c3b6b4b24d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

api-ms-win-core-file-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

ntdll

api-ms-win-core-profile-l1-1-0

sxshared

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-file-l1-2-0

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 512B - Virtual size: 92B

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 512B - Virtual size: 92B