sleep[.]exe | Triage

General

Target

sleep.exe
Size

77KB
MD5

c3826f6a433e734d7eb6fb35ed9a847c
SHA1

4faa38718c601ecb72e0514847eea774c733578a
SHA256

98d29501d1b90582f667a167b72840ec752fe2a9c65c2fe33b69a13a511e62bd
SHA512

fe6fc9d4c7a32e67b5eb0fabdc5395fc5593627d98a6fac197ec17230e2ecfc21f1cd771c122e90772e76714a0a67d8738a6a1402c43d79acfe50eac0070a918
SSDEEP

1536:N/aXCFI2iPwI8idLQHUZkNwZSmEoXd7z1rFbXvV8qAxBPsAcUa+Cg:5akI2iNbkCtv1rFjN8qAxJn9RP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Users/Admin/Downloads/42SW18_2023-09-22_10_03_42.532/Device/HarddiskVolume2/Windows/System32/sleep.exe

Files

sleep.exe
.zip

Password: YOIN=Tp689~u%u7n6|)x
Device/HarddiskVolume4/Users/Admin/Downloads/42SW18_2023-09-22_10_03_42.532/Device/HarddiskVolume2/Windows/System32/sleep.exe
.exe windows x86

Password: YOIN=Tp689~u%u7n6|)x

61fe57ec806fed4dac95fcc75945e023

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaVarCmpNe
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord522
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord631
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord561
__vbaPrintObj
DllFunctionCall
__vbaLbound
_adj_fpatan
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaUbound
__vbaVarCat
ord536
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord613
ord616
__vbaFpI4
__vbaR8IntI2
_CIatan
__vbaAryCopy
__vbaCastObj
__vbaStrMove
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: YOIN=Tp689~u%u7n6|)x

Password: YOIN=Tp689~u%u7n6|)x

61fe57ec806fed4dac95fcc75945e023

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 132KB - Virtual size: 128KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 44KB - Virtual size: 42KB

.text
Size: 132KB - Virtual size: 128KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 44KB - Virtual size: 42KB