msgconv[.]exe | Triage

General

Target

msgconv.exe
Size

31KB
MD5

90f9e5933606f550e1bac42570345da5
SHA1

a7bbd7f25d714e93d5ba56856f1547d9b218e109
SHA256

c4107a58fc8302ce46c4c1066f792d9435a95df429d8df3509ddccd4a6a3e6f0
SHA512

5bf5bb150338c705f807e2a98a9782ed8f3977fc3524aa5c3ff2ca6e0b0bc0b18730d8f63b4d6385db96a75eb24a10111de56ad2acd0f1f9596ef11576f3c801
SSDEEP

384:QUrHP1S2ccwXcI4aFHvlCe0m0fbJgqTVthA5xhXkjSOG:Z7M2ccFJaFPlCe0mA5tsxh0A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msgconv.exe

Files

msgconv.exe
.exe windows:4 windows x86

03bfe9aced2191489d2dcc79ae86fb38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cyggettextsrc-0-14-1

dir_list_append
iconv_msgdomain_list
input_syntax
line_comment
message_page_width_ignore
message_page_width_set
message_print_style_escape
message_print_style_indent
message_print_style_uniforum
message_print_syntax_properties
message_print_syntax_stringtable
msgdomain_list_print
msgdomain_list_sort_by_filepos
msgdomain_list_sort_by_msgid
read_po_file
line_comment
line_comment
line_comment
input_syntax
input_syntax

cygwin1

__getreent
__main
abort
atexit
calloc
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
fputs
free
getenv
malloc
printf
pthread_atfork
putchar
realloc
setlocale
strlen
strncmp
strtol

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

cygintl-3

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

cyggettextlib-0-14-1

close_stdout
error
error_print_progname
gnu_basename
locale_charset
maybe_print_progname
program_name
set_program_name
error_print_progname
program_name
program_name
program_name

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 272B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

03bfe9aced2191489d2dcc79ae86fb38

Headers

File Characteristics

Imports

cyggettextsrc-0-14-1

cygwin1

kernel32

cygintl-3

cyggettextlib-0-14-1

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 32B

.bss Size: - Virtual size: 272B

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 32B

.bss
Size: - Virtual size: 272B

.idata
Size: 2KB - Virtual size: 2KB