START[.]EXE | Triage

Sharing

General

Target

START.EXE
Size

9KB
MD5

c824c637c221f1495ec76f581117472a
SHA1

d1d52863cba35571486caa3f7a406edcbae4d680
SHA256

1b13df439dc938fed64bf0a1abe3f8eac9f2dcb278702d27bbb2c0f67086c103
SHA512

12f59f97bcbdd02868f96c694cde3e3d5caf509b9e479943177f1bceef57a3acfe1218b9e3ff5a4cc9c5e933c414161f4fd21dca50292dfb9200bd0c2f4d87ff
SSDEEP

96:Xjlb48qYfNc2yM2aYTxIvIa5I5paThrVUwwlM5CaSlOj6wHOf/Ra+TTsy/1iXMh8:Xjlb48qv2pixAT2yGmw8tpFWBkAu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
START.EXE

Files

START.EXE
.exe windows x86

633e8be4a1014a1075f56e896d349934

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleTitleA
WriteFile
GetStdHandle
lstrcatA
GetModuleHandleA
FormatMessageA
GetLastError
lstrlenA
SetConsoleTitleA
GetExitCodeProcess
WaitForSingleObject
ExitProcess
lstrcpyA
LocalAlloc
GetCommandLineA

user32

CharUpperA
LoadStringA
CharToOemA

shell32

ShellExecuteEx

Sections

.text
Size: 1024B - Virtual size: 997B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE