pskill[.]exe | Triage

General

Target

pskill.exe
Size

33KB
MD5

9c86dce0ec6511c963f467ddb05dfbca
SHA1

465dde74f2bb17f0afee83d85b01b6ee61cf1b64
SHA256

b7bf90688efe946dca92941c35bfacd776128e57e8073205a4f8aa2e08041c1b
SHA512

a00dac1511df1f5100a5311bdd6e58e16aaed63c31b917c25b8b71dbe0c18f80c33883f8c1cdd44c32c368a083cf74291921ebdb9fdb0679e51d7d1b41553068
SSDEEP

768:NG/2irG6TBikuB3cKCVHYzwqhBRsuQheVFayP8GI6awHgOv169sb:N6rGR3BMKCVvgBRsEayUb6hHb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Data/Company Shared Folders/Rxhe/UTYPROG/DEBUG/pskill.exe

Files

pskill.exe
.zip

Password: DsUjmlG885/kkmS
Device/HarddiskVolume4/Data/Company Shared Folders/Rxhe/UTYPROG/DEBUG/pskill.exe
.exe windows x86

Password: DsUjmlG885/kkmS

aed0ac8b3cd0a7a80c4301c6ae7a3787

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

SizeofResource
LoadResource
FindResourceA
ReadFile
WriteFile
LockResource
LocalFree
FormatMessageA
GetComputerNameA
GetFullPathNameA
GetCommandLineA
GetVersion
SetLastError
GetTickCount
OpenProcess
TerminateProcess
GetCurrentProcess
GetLastError
CloseHandle
GetModuleHandleA
GetProcAddress
CreateFileA
DeleteFileA
HeapFree
GetModuleFileNameA
UnhandledExceptionFilter
HeapAlloc
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleMode
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
SetFilePointer
SetEndOfFile
GetACP
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
ReadConsoleInputA
SetConsoleMode

advapi32

OpenServiceA
DeleteService
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
ControlService

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: DsUjmlG885/kkmS

Password: DsUjmlG885/kkmS

aed0ac8b3cd0a7a80c4301c6ae7a3787

Headers

File Characteristics

Imports

mpr

kernel32

advapi32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 36KB - Virtual size: 32KB