xp[.]cn_cgi[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xp.cn_cgi.exe
Size

15KB
MD5

328873cb09b771c6c48f8609400a3e6a
SHA1

39f6690c8489e8799a4231b09b30aaed02b5e6f6
SHA256

2168f7e0364893044ad79ef2ff9b0e5486e520da4bf7d5b7d26775019b516a81
SHA512

d8cbcc20d7d52aac5be39f7a00986736e093b9f1993cbb69ebf1ff4fe1ab305e26df1dcb2dd45def5b2350127c89f0bd0e11c3d1e32a4464e0e605599f926aab
SSDEEP

96:NF0omEh3Zc3sdw26TdTx0+Ze5m57uENQ8/AxaE5+:X0APc3S6RTx0+Ze5m57uj0cas+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xp.cn_cgi.exe

Files

xp.cn_cgi.exe
.exe windows:6 windows x86 arch:x86

09aad09f2189f6561359ac1f07680a61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
WaitForMultipleObjects
SetProcessShutdownParameters
LeaveCriticalSection
InitializeCriticalSection
SetErrorMode
GetEnvironmentVariableA
WaitForSingleObject
GetCommandLineA
Sleep
CloseHandle
CreateThread
ExitProcess
SetEnvironmentVariableA
CreateProcessA
GetTickCount
GetExitCodeProcess

ws2_32

setsockopt
htons
socket
WSAStartup
listen
select
bind

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ