trilog[.]7z | Triage

General

Target

trilog.7z
Size

9KB
MD5

0b4e76e84fa4d6a9716d89107626da9b
SHA1

1994098be85f9822d33337f772e89deeea615504
SHA256

f9549051966581ceac7d9772103db4c7b3f00504d07b92de4500e5460c334d96
SHA512

b51cf012fe0de486fc7f4e6f4e1bd38fb97378f1062d7a625cf38e1b8343f72ad5cc01d1406b153e8e945c3a3c550ab7f0e747987bfb8c936719b706a3a4eea1
SSDEEP

192:oe2hnEwYR1KrxwG5DfNdzmuJ9dMT3yWWAqmm6hZivo+4aBh7Gsw:oe2hEwYTK1wGJ3jWF9rWKsw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/trilog.exe

Files

trilog.7z
.7z

Password: infected
trilog.exe
.exe windows:5 windows x86

b28c641d753fb51b62a00fe6115070ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_controlfp_s
_invoke_watson
strncpy
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
realloc
bsearch
qsort
memset
memcpy
setbuf
getenv
atoi
malloc
free
_snprintf
strncmp
strrchr
fprintf
__iob_func
_crt_debugger_hook
_stricmp
_strdup

kernel32

LocalFree
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
IsBadReadPtr
SetLastError
GetProcessHeap
HeapFree
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibrary
GetModuleHandleA
OutputDebugStringA
GetFullPathNameA
LoadLibraryA
GetProcAddress
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetLastError
FormatMessageA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b28c641d753fb51b62a00fe6115070ae

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 5KB