example[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

example.exe
Size

690KB
MD5

76ebd4e9fc8bbf4c7e6473c579001862
SHA1

351503949ce5f286385de04b718e5f2872880b43
SHA256

f78fe2cfd9a67894b06f5a995441bd3ec7a72df1d634d68c46438e2aab41e7d0
SHA512

bec42ff5f163aa165b30bb58846366dd70baf7fe2be9a5cc1d4a34e17bc20f1b6c1cadcd62a0428c8413928737190513670e040ec921b5026515c4cd471640d1
SSDEEP

12288:OiEsGHjEqtl5QswyAiWYgeWYg955/155/3VHyusFxfTkU5hovRohJW4/+OK3G0:ihQqtl5QstAgusFpTkU5ho5j9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
example.exe

Files

example.exe
.exe windows x64

549f8a5816fd6b5088104753cea721a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTokenInformation
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
GetUserNameA
ConvertSidToStringSidA

kernel32

GetModuleFileNameA
VirtualProtect
HeapFree
SetConsoleTitleA
GetCurrentProcess
DeviceIoControl
InitializeCriticalSectionEx
GetModuleHandleA
HeapSize
Sleep
GetLastError
CreateFileA
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
RtlVirtualUnwind
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
ReadFile
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
DeleteFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
FormatMessageA
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
WaitForSingleObjectEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
OutputDebugStringW
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetSystemInfo
VirtualAlloc
VirtualQuery
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
RtlUnwind

user32

SetCursorPos
BlockInput
MessageBoxA

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpOpen
WinHttpAddRequestHeaders

userenv

UnloadUserProfile

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

Sections

.text
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

549f8a5816fd6b5088104753cea721a6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

winhttp

userenv

rpcrt4

Sections

.text Size: 492KB - Virtual size: 492KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 15KB - Virtual size: 31KB

.pdata Size: 22KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 492KB - Virtual size: 492KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 15KB - Virtual size: 31KB

.pdata
Size: 22KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 5KB