compact[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

compact.exe
Size

20KB
MD5

d3974592572c81d7dab11fbad00f7873
SHA1

2f4ee536af53073eef352700929018894a27fa3b
SHA256

e8a17a751e21fa078948ac928ac0ebfe63b8adfd33c369b5b48b86cac5aa5990
SHA512

2034dd513f6166fe172b1c05eae9b685e703a68629ece0d8724c5c32ce97fae073d496d382000e4b6e49e79bfabc6ea9fcbf67748f391d7325b517c8c2f93bac
SSDEEP

384:fMBMTMFBDts0CqD9FtszQx9XiIPs1EvpJ3IaeucCVxGZi4Onk3FCGedNZWkiW:f/M3Dts9qD9bszQfCEvcaeIVxG6kwndL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
compact.exe

Files

compact.exe
.exe windows:6 windows x64

515236f8af3f683a2a3d7852b0c60b0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CharToOemW

shell32

CommandLineToArgvW

kernel32

GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetThreadUILanguage
WriteFile
GetConsoleMode
GetLocaleInfoW
FormatMessageW
WriteConsoleW
lstrlenW
GetStdHandle
GetLastError
GetFileType
GetFullPathNameW
GetCommandLineW
FindFirstFileW
GetCompressedFileSizeW
GetFileAttributesW
CreateFileW
lstrcmpW
SetThreadPreferredUILanguages
GetCurrentDirectoryW
SetLastError
FindClose
SetCurrentDirectoryW
DeviceIoControl
HeapSetInformation
FindNextFileW
CloseHandle
GetFileInformationByHandle
SetFileAttributesW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
Sleep

msvcrt

_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wcsnicmp
swprintf_s
wcscpy_s
wcsncmp
_get_osfhandle
memcpy_s
_wcsicmp
wcschr
wcscat_s

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

515236f8af3f683a2a3d7852b0c60b0f

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

kernel32

msvcrt

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 16KB

.pdata Size: 512B - Virtual size: 384B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 16KB

.pdata
Size: 512B - Virtual size: 384B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B