Static task: static1
Behavioral task: behavioral1
Sample: MS08-066_2003.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: MS08-066_2003.exe
Resource: win10v2004-20230703-en
General
Target: MS08-066_2003.exe
Size: 40KB
MD5: 07876c3334b80dea30341f4945e5da57
SHA1: c23551720ac78139396ba996c5bb74579005b384
SHA256: 7c70aa7fcc08d08807a6ab75126e37cc7c2d2855b7086077e3ffceda17762b93
SHA512: a7cd9906d7c2a3c5c4fd2d83d7dcff8d95b0c046911a861da4dbfd6a4af70d0f6a57c29ed3a89c0317074d006e9fb7b831e2330c1d2060d64861990a5b62e7ae
SSDEEP: 384:/CRh3CzTOKSXwfdYcaSMcW7zpf9VOkCGumyB6r3dMcF0JDiWOJTXopP5:ZOK5fxazRObu46rtM48cJTXop
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: MS08-066_2003.exe
Files
MS08-066_2003.exe.exe windows x86
77b90aba727ec1d4e5e595c8052d244f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
CreateProcessA
GetStartupInfoA
DeviceIoControl
GetVersionExA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
CloseHandle
ws2_32
htons
socket
connect
WSAStartup
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE