gawk[.]exe | Triage

Sharing

General

Target

gawk.exe
Size

191KB
MD5

3436eab6988e8a911895122ed1862836
SHA1

93f464cb986a95fbf7e5c96cc484593bbfeb3d07
SHA256

c8af969f2a9a9f05d22ad9373f019d6c3137ba2f2db4df25c1b6efc98756c77e
SHA512

df33d1f24aa1591174b2aa4ad08ae1752ce1d86a903ff17f1001e3f45e613a166020420f5578e313097f43aad4f67ecd1e5b7e82eaaeda876a11de4245193950
SSDEEP

3072:mbCutS3/YZXVzJ4xsfiKI3X3jLOzIgbttmR+pcGXofWceMG2jzB+QsPTu3jrpXfw:mUvYZlzJiG1I3X3yntfofBeMG2jzFsPR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gawk.exe

Files

gawk.exe
.exe windows:4 windows x86

373d4099fba2ec2ffa175a957ae0977e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

_close
_dup
_fdopen
_fileno
_fstat
_getpid
_isatty
_lseek
_open
_pclose
_popen
_read
_setmode
_strlwr
__getmainargs
__isascii
__iscsym
__iscsymf
__p__environ
__set_app_type
__toascii
_assert
_cexit
_errno
_fileno
_fmode
_fpreset
_iob
_setjmp
_setmode
_stricmp
_strnicmp
_wcsicmp
abort
atan2
atexit
atof
atoi
calloc
ceil
clock
cos
ctime
exit
exp
fclose
ferror
fflush
floor
fmod
fopen
fprintf
fputs
free
fwrite
getenv
isalnum
isalpha
iscntrl
isdigit
islower
isprint
ispunct
isspace
isupper
isxdigit
localtime
log
longjmp
malloc
memcpy
memset
pow
printf
putc
putchar
qsort
realloc
setlocale
signal
sin
sprintf
sqrt
sscanf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strncmp
strrchr
system
time
tolower
toupper
vfprintf

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE