syslog[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

syslog.exe
Size

239KB
MD5

87488301a1998ade07c23d9bdd210a41
SHA1

1df56a979f9f5878adaa7dca4fc58ceb2efa1053
SHA256

670b57abe3a6562e192ae932dfe941922e0561b29fca72e481bd4972d47f989f
SHA512

c95aeef0952fee2b5fc4c548d951ad2bd994afc39dca198f6f40660ccb927828de73f918d19a7f2b4580d9551d684046424d311a8898da462485713a54866baf
SSDEEP

3072:Ffxey6Ux+HKnB5OnEib7/QUMtIfINJqZ+C96mJaPjBwPjDNKh35:F5exUx+HKBMzQiW7twPnNKh35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
syslog.exe

Files

syslog.exe
.exe windows x64

5691abfbbbf6cc181e8e9dc29d545a27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTickCount
HeapCreate
HeapAlloc
CloseHandle
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSRWLockShared
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
Sleep
AcquireSRWLockExclusive
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TryAcquireSRWLockExclusive
QueryPerformanceCounter
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent

ntdll

RtlNtStatusToDosError
NtWriteFile

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
__CxxFrameHandler3
memmove
memcmp
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_initterm
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_set_app_type
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5691abfbbbf6cc181e8e9dc29d545a27

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 696B

.pdata Size: 6KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 696B

.pdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB