file[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

315KB
MD5

2e004e91a15257d4a60f2d2940449071
SHA1

5435290130b152e1330e921d6ff5855d50f22acc
SHA256

ef0644b007d078f0d9de387a4c15a91225603da09c8cb9b3c9e2774e372214e2
SHA512

26660e8bc7a0e946e9e1673d0576096bb5bffabc8ffa45e4506a4a1b2cbefb0372a469dfa0c8f06205f04aeb22f0b9b678dd22243f864b64860aed09fb497803
SSDEEP

3072:uP5FTku174SdZp2Ma3s9/fP2flFqLcCpJEyaK3rMQhBkK2HWvBo:uRFIu4SdWMn9/unq/JEQ/kK2H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.exe

Files

file.exe
.exe windows x86

4d78eb5f7b59a8e753748eb85e3f3b28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetInformationJobObject
AllocConsole
GetConsoleAliasExesLengthA
UpdateResourceA
MoveFileExW
InterlockedDecrement
WaitNamedPipeA
GetCurrentProcess
GetNamedPipeHandleStateA
HeapFree
GetProfileStringW
GetUserDefaultLCID
SetComputerNameW
GetComputerNameW
GetTimeFormatA
FlushConsoleInputBuffer
_lclose
_lcreat
GetModuleHandleW
GetConsoleAliasesLengthA
ReadConsoleW
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleAliasExesW
EnumTimeFormatsA
GetDriveTypeA
GlobalAlloc
GetPrivateProfileIntA
LoadLibraryW
TerminateThread
FatalAppExitW
_hread
GetPrivateProfileStructW
GetCalendarInfoW
DeleteVolumeMountPointW
GetFileAttributesA
TransactNamedPipe
GetFileSize
GetStartupInfoW
CreateMailslotW
VirtualUnlock
GetLastError
IsDBCSLeadByteEx
GetCurrentDirectoryW
SetLastError
BackupRead
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
CreateNamedPipeA
MoveFileW
GlobalGetAtomNameA
OpenWaitableTimerA
LoadLibraryA
InterlockedExchangeAdd
LocalAlloc
BuildCommDCBAndTimeoutsW
GetNumberFormatW
GetCurrentConsoleFont
EnumDateFormatsA
CreateIoCompletionPort
_lread
GetModuleHandleA
FreeEnvironmentStringsW
FindNextFileW
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
LocalSize
FindFirstVolumeW
DeleteFileW
EnumSystemLocalesW
DeleteFileA
CloseHandle
ReadFile
WriteConsoleW
GetConsoleAliasW
GetCommandLineW
LCMapStringW
FlushFileBuffers
InterlockedIncrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MoveFileA
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
RtlUnwind
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
ExitProcess
WriteFile
GetModuleFileNameW
SetFilePointer
HeapSize
RaiseException
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
MultiByteToWideChar
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileW

user32

CharUpperA
CharUpperBuffA

advapi32

RevertToSelf

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 30.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d78eb5f7b59a8e753748eb85e3f3b28

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winhttp

Sections

.text Size: 157KB - Virtual size: 156KB

.data Size: 78KB - Virtual size: 30.7MB

.rsrc Size: 79KB - Virtual size: 78KB

.text
Size: 157KB - Virtual size: 156KB

.data
Size: 78KB - Virtual size: 30.7MB

.rsrc
Size: 79KB - Virtual size: 78KB