ERunAsX[.]exe | Triage

General

Target

ERunAsX.exe
Size

44KB
MD5

61fe7f788c71e40f424e62bb74793d08
SHA1

57c6d3e4d25544d8f00c0a1988a1c314f2940095
SHA256

c361d1e3d46595921e254ea2d2e767b0c470e110786e975d62ac13ab70e67318
SHA512

818e960ea9cdc6bb378c87341c09289c6a5d93aef471b099c11f525857b26f5819363c80170d06b7d9e7bdfe7d4a7b765771cd600457c38c93d71c4c98de1609
SSDEEP

768:ScwfFmQfWzu2AUlJxyXBiTybgTfa0riaTHHx2o3uR:DHS2ASJeBiTysfLW44o3uR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ERunAsX.exe

Files

ERunAsX.exe
.exe windows:4 windows x86

3cc9dc206ea6c2b88b35e5c6d8eab864

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwConnectPort
DbgUiConnectToDbg
ZwRequestPort

kernel32

UnhandledExceptionFilter
TerminateProcess
CreateFileA
WaitForDebugEvent
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeThread
GetExitCodeProcess
Sleep
FreeConsole
ResumeThread
GetModuleFileNameW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
DuplicateHandle
GetCurrentProcess
OpenProcess
CloseHandle
GetVersion
CreateRemoteThread
GetModuleHandleA
WaitForSingleObject
VirtualAlloc
VirtualFree
ReadProcessMemory
WriteProcessMemory
VirtualQuery
SuspendThread
TerminateThread
GetThreadContext
SetThreadContext
GetProcAddress
lstrcmpiW
lstrcmpiA
GetModuleHandleW
ExitProcess
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
WriteFile
GetModuleFileNameA
HeapAlloc
WideCharToMultiByte
GetLastError
HeapReAlloc
LoadLibraryA
FlushFileBuffers
GetStringTypeA
GetStringTypeW
SetStdHandle
SetFilePointer
ReadFile
ReadConsoleInputA
SetConsoleMode
GetConsoleMode

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3cc9dc206ea6c2b88b35e5c6d8eab864

Headers

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 8KB

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 8KB