Path_Exp64[.]exe | Triage

Sharing

General

Target

Path_Exp64.exe
Size

10KB
MD5

eacbdf60cd67fc6ce2b93eabf0b52e12
SHA1

d820943905d87e9aadaf685b2918db1f9118de42
SHA256

354ff2b53ff82bd7dc6ffa113f0813d92098e48b3eccc101b5839b722733d01e
SHA512

3806f01093a21f1c21df5c37566d7da3e118fecfc95298136d501e77bc56854cfb099a27a175d6cf75524b839a0bd20d9196faf25ea38dab03a0a73e9ce05d8f
SSDEEP

192:4cH6wpMfPEbLrQT1sEVZ1cw+dTJPChbUYIN9dPIYszVbu3w6+Ib/:YwZbPQZd+dT49IrdwVy3n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Path_Exp64.exe

Files

Path_Exp64.exe
.exe windows x64

c4b8b0bb74815ebb050809e414cc1d6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReleaseMutex
CreateThread
Sleep
GetCurrentProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
CreateMutexA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetProcAddress
TerminateProcess
WaitForSingleObject
UnhandledExceptionFilter

msvcrt

_fmode
__set_app_type
memcpy
memset
?terminate@@YAXXZ
_XcptFilter
_commode
free
malloc
printf
realloc
__C_specific_handler
__getmainargs
__setusermatherr
_amsg_exit
_initterm
_cexit
exit
_exit

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

gdi32

CreateRoundRectRgn
PolyDraw
FlattenPath
DeleteObject
BeginPath
EndPath

user32

GetDC
ReleaseDC
SetThreadDesktop
CreateDesktopA

shell32

ShellExecuteA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ