Static task
static1
Behavioral task
behavioral1
Sample
mpg123.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
mpg123.exe
Resource
win10v2004-20231023-en
General
-
Target
mpg123.exe
-
Size
167KB
-
MD5
ce44b2d3c3d7e984cc5820a9447d1112
-
SHA1
82b2deac68d1ac4d28fe770096a4c47fdbce8266
-
SHA256
87fe069b24c5bef39a8054c3af98daf77eb42ada41e7d359cbe6a6ccc154f38c
-
SHA512
d6bc16a54fc5530cb5997c24fb2eb55a3f377ff168c66327974d3a024e167bb9cf4eb9b43242407229251e0cc1c16eb248c2644cddb73f93e2722d051119ee3e
-
SSDEEP
3072:c7wPSab85vMBu+rUaK44/+9hQBfr0DwZo6IE5ItLmq4gP1M1zc:7PSw85vMBu+rUaK44G4Bj0Dlh
Malware Config
Signatures
-
Unsigned PE 1 IoCs
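Checks for a missing Authenticode signature. An unsigned binary is a weak indicator by itself, since many legitimately distributed open-source builds carry no signature; weigh it together with the behavioral results.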
resource mpg123.exe
Files
-
mpg123.exe.exe windows:4 windows x86
6dcaedb2e796d790c64e34b787979839 (unlabeled in this extract; presumably the PE import hash — confirm against the original report)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
Imports
kernel32
GetModuleHandleA
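cygwin1 (every import below comes from this DLL; if it is not present on the sandbox image the sample may fail to load, which would limit what the behavioral tasks can observe)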
__errno
__main
_alloca
atoi
calloc
close
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fdopen
fgets
fileno
fopen
fprintf
free
fseek
fwrite
kill
log
lseek
malloc
memcpy
memset
open
perror
pow
rand
read
realloc
select
setvbuf
sprintf
srand
sscanf
strcasecmp
strcat
strcmp
strcpy
strcspn
strdup
strerror
strncmp
strncpy
strrchr
strtok
tan
time
vfprintf
waitpid
write
Sections
.text Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 90KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
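.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(Note: .idata is the only section listed here that is both writable and executable. This may be a toolchain default rather than a sign of tampering, but a writable-and-executable section is worth recording during triage.)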
.stab Size: 2KB - Virtual size: 1KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.stabstr Size: 7KB - Virtual size: 7KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ