shit[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

shit.exe
Size

4.9MB
MD5

67029b569ad726b1b87cc62760472cc8
SHA1

0d43665fd941533cdd3edbf71fd3f975bcd53967
SHA256

169c70fc77814578aa83b3a666eb674c49e60ac6964b040de9b1e51c5966bf56
SHA512

d90a1eb4e58bfe489a85e1be03bfb47284fc6fd0e1348e2637b3134013e69e067594212f1baa677423613564f75718e4f17cb162c915cbe4741f5a0085374eb4
SSDEEP

98304:CGU63cndf3MC3xCuKlm5HYoNCx7PbppZwyde+PdZtW/gNYtLtTXx:CIcdkC/Klm51UJ5deMd/W/gN6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
shit.exe

Files

shit.exe
.exe windows:5 windows x86

c7c88a9f12777d4c1f156ccc8f276fa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AcquireSRWLockExclusive
CreateEventA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

oleaut32

GetErrorInfo

user32

GetForegroundWindow
CharUpperBuffW

bcrypt

BCryptGenRandom

msvcrt

__dllonexit

Sections

.text
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rrth0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rrth1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rrth2
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7c88a9f12777d4c1f156ccc8f276fa1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

bcrypt

msvcrt

Sections

.text Size: - Virtual size: 260KB

.data Size: - Virtual size: 152B

.rdata Size: - Virtual size: 67KB

.eh_fram Size: - Virtual size: 23KB

.bss Size: - Virtual size: 1KB

.idata Size: - Virtual size: 4KB

.CRT Size: - Virtual size: 64B

.tls Size: - Virtual size: 32B

.rrth0 Size: - Virtual size: 2.6MB

.rrth1 Size: 1KB - Virtual size: 1KB

.rrth2 Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: - Virtual size: 260KB

.data
Size: - Virtual size: 152B

.rdata
Size: - Virtual size: 67KB

.eh_fram
Size: - Virtual size: 23KB

.bss
Size: - Virtual size: 1KB

.idata
Size: - Virtual size: 4KB

.CRT
Size: - Virtual size: 64B

.tls
Size: - Virtual size: 32B

.rrth0
Size: - Virtual size: 2.6MB

.rrth1
Size: 1KB - Virtual size: 1KB

.rrth2
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB