win32[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

win32.exe
Size

4.0MB
MD5

7106de2b3719fc7f797cce5ef035c44d
SHA1

c7278c1f19134288cdbac235dc74a99956055d0e
SHA256

a7f9f9a08ef74bd799772f180ec9d193d41c0c5a59d8727a748d22cdc08309f8
SHA512

5a8707a808afc941c898c378e960a3aea3f1653f90156fc4f39d8fc904ec2388876ce81363d19754fdfb4abd9152ecd9a8d4fc834c366ef78e1b7c77be0cefb0
SSDEEP

98304:lCQbn9iV8fvJ3XNIXJzooTsB5oJ9++G/IM1SHV/zhw6V:ltBimXJ3XSX+o05CI+2IM10VLhw6V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
win32.exe

Files

win32.exe
.exe windows:5 windows x86

586816a871d95ee12174f3c3eb7f8be6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassExA
MsgWaitForMultipleObjects
TranslateMessage
CreateWindowExA
PeekMessageA
DefWindowProcA
DispatchMessageA

kernel32

FreeEnvironmentStringsW
ReadFile
SetEndOfFile
GetLastError
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
VirtualFree
VirtualAlloc
GetTempPathA
VirtualQueryEx
OpenProcess
Thread32First
Thread32Next
SetLastError
VirtualAllocEx
OpenThread
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
WriteProcessMemory
SuspendThread
ResumeThread
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
VirtualProtect
WaitForSingleObject
CreateMutexA
GetCurrentThreadId
ReleaseMutex
CreateRemoteThread
GetCommandLineA
GetStartupInfoA
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
HeapSize

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xzdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

586816a871d95ee12174f3c3eb7f8be6

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 70KB - Virtual size: 76KB

.xzdata Size: 3.9MB - Virtual size: 3.9MB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 70KB - Virtual size: 76KB

.xzdata
Size: 3.9MB - Virtual size: 3.9MB