test (2)[.]crypted[.]exe | Triage

Sharing

General

Target

test (2).crypted.exe
Size

1.5MB
MD5

04fea033c7a3c5d0c85ce3d871a45ff6
SHA1

a3292641c73afa0bafa5bf939d2565a429fd49d7
SHA256

439967b6aa28707f1cd31756613eaed8f79cbfffa9384271a62859e31e486602
SHA512

033ade5b779f95d5609d6bcb95a718ff10e3fa0d8359ff07bd4e5fbbc7d1f463b8b5913e52e1f2699ffc9c674b3da90a2f185464507346956701d3c4b7cbe035
SSDEEP

49152:GzbnYiuvIowuObvJjVnxgIocvn5qghA3:QpuvI7fvdEIoin5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test (2).crypted.exe

Files

test (2).crypted.exe
.exe windows x86

340a78516d08b5a4cfe6d74d5a46dca5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.text
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fa<[
Size: - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

f2V:
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zYdI
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ