elfedit[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

elfedit.exe
Size

40KB
MD5

62b5065a6fbeb5c83967b24cd3f1c56a
SHA1

882860a2ec18332bdfbaba5e2bf2162e12a8c2d7
SHA256

9f4f9c8a75a46e4442a0b65c754b7af948eeab08674a485e936aec8bbed45a97
SHA512

0941801d80e8efeae184936e37cb4505971834a6b2eb4259901b2f05d56d036150c02dbbfa8550810c71371ab21f386b46834a8cae5e1aa6680f83166fe00084
SSDEEP

384:mvcIKZkbowGIiJNZXhtv7RF+xytI1JWe1KmPu0cG1XVNdii6ogQDt9YjZc8ayVv+:a6G8VLPkxpNnj83VqrvzZN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
elfedit.exe

Files

elfedit.exe
.exe windows:4 windows x86 arch:x86

4f6125d02bdafc4b1529741b5e6ec7cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__argv
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_close
_errno
_exit
_fmode
_initterm
_iob
_isatty
_lock
_onexit
_open
_snwprintf
_stati64
_strdup
_stricmp
_stricmp
_unlock
_vsnprintf
abort
calloc
exit
fclose
ferror
fflush
fopen
fprintf
fputc
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
malloc
memcmp
memmove
memcpy
printf
puts
raise
realloc
rewind
setlocale
signal
strchr
strcmp
strcpy
strerror
strlen
strncmp
strtoul
vfprintf
wcscpy

user32

MessageBoxW

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f6125d02bdafc4b1529741b5e6ec7cc

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 336B

.rdata Size: 8KB - Virtual size: 8KB

/4 Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 336B

.rdata
Size: 8KB - Virtual size: 8KB

/4
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B