mercury[.]exe | Triage

General

Target

mercury.exe
Size

766KB
MD5

98eac906e5f36b0fa6324a705911d57c
SHA1

d8dcf79e53ed664a8d0ff75bfce2149419e544d0
SHA256

17fb5500523e33e1a2848e4960428c7407d6b7cd2a48100f215e7bf3c574d4b3
SHA512

237f6364198e6a9d272911a627fe43f49b46697eda97693986dadc633cef1f92783cdaa1f977f305d57089b68762974897c8b0e3566bb18c04edf72a74202067
SSDEEP

12288:GiQAK4/SuYrtg7JEz26CiE1ruQNv6uRdUdckyRBsGvqVmXdrmoz8mCtcNU8k:GiQAK4/WgVEi6CiY6QNv6cUdcbRjyVm4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mercury.exe

Files

mercury.exe
.exe windows:4 windows x86

bd3fbfda94cba75f96446ec56a9a89f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__main
__progname
_ctype_
abort
accept
atoi
bind
calloc
chdir
close
closedir
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fcntl
fdopen
fflush
fileno
fopen
fprintf
fputc
fread
free
fseek
ftell
fwrite
getc
getcwd
getenv
gettimeofday
isgraph
isprint
ispunct
isspace
listen
localtime
malloc
memchr
memcpy
memmove
memset
mkdir
opendir
pathconf
posix_regcomp
posix_regerror
posix_regexec
printf
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
readdir
realloc
recv
rename
rmdir
select
send
setlocale
setsockopt
setvbuf
shutdown
signal
socket
sprintf
sscanf
stat
strcasecmp
strcat
strchr
strcmp
strcoll
strcpy
strdup
strerror
strftime
strlen
strncmp
strncpy
strtod
strtol
strtoll
strtoul
strtoull
strxfrm
time
tolower
toupper
ungetc
unlink
vfprintf
vsnprintf

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

Sections

.text
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd3fbfda94cba75f96446ec56a9a89f0

Headers

File Characteristics

Imports

cygwin1

kernel32

Sections

.text Size: 668KB - Virtual size: 668KB

.data Size: 7KB - Virtual size: 7KB

.rdata Size: 87KB - Virtual size: 86KB

.bss Size: - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 668KB - Virtual size: 668KB

.data
Size: 7KB - Virtual size: 7KB

.rdata
Size: 87KB - Virtual size: 86KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 2KB