pmake[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pmake.exe
Size

212KB
MD5

3336d796f44ba08102a86ac492fdd4f6
SHA1

7706f90d388cd834df3768fe0f9a1c22677856ea
SHA256

6ea1ec498ae9e9afb8d092637e29b59ae0aa7fed9857a7043ba9197da3146e9c
SHA512

762108dfbebf76f53002b5cfea547d47c78ccaead61ed3a49dfd96617f9c1ef29565c82dbfc6888ac1cf2692893511f2913409ad07abbef131c043cf43443e9c
SSDEEP

3072:LHH/o1iyTqo4Vn1WUDzx+rVxQEcvEv1HXyAW4qQjJLGk/aPFtjx:j0iNoEXzxkuG1HPbdCjx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pmake.exe

Files

pmake.exe
.exe windows:4 windows x86

633aa7240b7fb372baf12fc3fd17adb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
FindClose
FindNextFileA
FindFirstFileA
GetTickCount
SetConsoleCtrlHandler
RaiseException
RtlUnwind
GetLastError
CloseHandle
DuplicateHandle
GetCurrentProcess
GetFileType
CreateFileA
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteFileA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
ExitProcess
FlushFileBuffers
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GetFileAttributesA
GetDriveTypeA
GetFullPathNameA
ReadFile
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSection
LCMapStringA
LCMapStringW
SetEnvironmentVariableW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CompareStringA
CompareStringW
SetFileAttributesA
FindNextFileW
FindFirstFileW
SystemTimeToFileTime
FormatMessageA
RemoveDirectoryA

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

633aa7240b7fb372baf12fc3fd17adb5

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 296B

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 296B