Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712.exe
Size

24KB
MD5

0fd245ff5c2664f1a94136eceaa3ef94
SHA1

7bb41dfe7859307c4278b615fe85f8bd4c3c668a
SHA256

8f0fd4c4ed12f4cb7161384a48b5db6f926f204b45d49cf17f15e1bedee3180f
SHA512

1cd88e74dd0b72fc15c1cdb14cc13522ca5fd438bf69ffa5d73ef76bf32d907182de5e97c9222fecdc4c991770cdaa0494b2278ad5a87646eef58d62dd7bda57
SSDEEP

768:2WKXO/T8K4czrAThWjjDeZA9vvceZpYtQVR:2N6T4GXnR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712.exe

Files

Benign_fff7c195f3d40d9c4115ded2b319d2ea53fbfe86945f306ed75f31821f7ba712.exe
.exe windows x86

4e6decb510aa68eb0e2af11a93cb6102

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
ExAllocatePoolWithQuotaTag
IoCreateSymbolicLink
RtlInitUnicodeString
IoCreateDevice
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
KeSetPriorityThread
KeGetCurrentThread
KeReleaseSemaphore
ExAllocatePoolWithTag
RtlTimeToTimeFields
KeQuerySystemTime
strchr
ExSystemTimeToLocalTime
ZwReadFile
_stricmp
ZwWriteFile
ZwQueryInformationFile
ZwCreateFile
ZwSetInformationFile
RtlQueryRegistryValues
RtlWriteRegistryValue
RtlUnwind

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 501B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ