Defrag[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Defrag.exe
Size

180KB
MD5

537bfba3084bae2892c0fcaa08a12c0b
SHA1

7e11c73d5836d7af8ea774f1aca5a8613511fe66
SHA256

e12f5a5804519a4c8f4eda5b27b3477d89aa4b80e5d9bfa359c1d6794d947965
SHA512

6aea8a9a0ae2f08b9bdd6f50f7ae11b2e6c478c2b9fcf366ba3f7e343393594cae4b1d0f05d9050ac5f97767a16f5a93440c0b9703721695d63336cb5818019c
SSDEEP

3072:Iw3qMDpKdhTivZeCCwpVb4C6c5Q3eSjlR+8qxLijgJyfFOG83Yj34YFnw6OC2c9+:b3tpghEeUc3lRGOUZGKc4YFnwjCpW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Defrag.exe

Files

Defrag.exe
.exe windows:6 windows x64

c815e8e72e2b3316e4709ba7a4494af9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
EnableTraceEx2
StartTraceW
ControlTraceW
RegQueryValueExW

kernel32

GetFileAttributesW
DeleteFileW
FreeLibrary
GetVolumeNameForVolumeMountPointW
InitializeSListHead
GetVolumePathNamesForVolumeNameW
LoadLibraryExW
LocalAlloc
GetSystemDirectoryW
ExpandEnvironmentStringsW
SetLastError
GetVolumeInformationW
MoveFileExW
DeviceIoControl
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
FormatMessageW
InterlockedPopEntrySList
RtlCaptureStackBackTrace
InterlockedPushEntrySList
CreateThread
WaitForMultipleObjects
ResetEvent
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetEvent
DeleteCriticalSection
SetThreadUILanguage
GetLastError
GetConsoleOutputCP
GetProcessHeap
HeapSetInformation
GetModuleHandleW
CloseHandle
WaitForSingleObject
CreateEventW
DuplicateHandle
OpenProcess
CreateFileW
GetVersionExW
LocalFree
SetConsoleCtrlHandler
GetCurrentProcess
GetVolumePathNameW

msvcrt

_commode
_fmode
_lock
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
_unlock
_amsg_exit
_XcptFilter
mbtowc
localeconv
_wsetlocale
_vsnwprintf
swscanf_s
wprintf
??2@YAPEAX_K@Z
wcschr
memmove
_vscwprintf
iswspace
__dllonexit
??3@YAXPEAX@Z
_onexit
?terminate@@YAXXZ
__wgetmainargs
memcpy
__C_specific_handler
memset

api-ms-win-core-com-l1-1-1

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoDisconnectObject

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ntdll

RtlFreeHeap
EtwTraceMessage
RtlNtStatusToDosError
RtlSetThreadErrorMode
RtlGetLastNtStatus
RtlAllocateHeap

sxshared

SxTracerShouldTrackFailure
SxTracerDebuggerBreak
SxTracerGetThreadContextRetail

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c815e8e72e2b3316e4709ba7a4494af9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-rtlsupport-l1-2-0

ntdll

sxshared

api-ms-win-core-libraryloader-l1-2-0

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 512B - Virtual size: 92B

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 512B - Virtual size: 92B