cmd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cmd.exe
Size

1.2MB
MD5

92da1381ea193e70fa7f88948dcbff78
SHA1

0014682cb2a72ba4d80c07517cc7374b720b0a38
SHA256

85f32b95e85bb67c9623a58b0ba04a903e227709cc81f56efa7d9749a1fa2617
SHA512

45a28023693d4da1854caca320d3890d527ecd982fb66cbdabbfbcb809d94cad08ddf5b12de7da4366404c8b48c57644afd7be3ac6df0a9be169ad42f8a7379b
SSDEEP

12288:1040+W+aqpteLNG4OBC+PUIiN2L6F789CB:1lWp4te0nfLS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmd.exe

Files

cmd.exe
.dll windows:4 windows x86 arch:x86

5bf3a08b42ea033c5cfa7edf0758d82c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

kernel32

AddConsoleAliasW
AllocConsole
Beep
CloseHandle
CopyFileExW
CopyFileW
CreateDirectoryW
CreateFileW
CreatePipe
CreateProcessW
DeleteFileW
DeviceIoControl
DuplicateHandle
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FlushConsoleInputBuffer
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GenerateConsoleCtrlEvent
GetCommandLineW
GetConsoleAliasW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemTime
GetTickCount
GetVersionExW
GetVolumeInformationW
GetVolumePathNameW
GlobalMemoryStatus
HeapAlloc
HeapFree
InterlockedExchangeAdd
IsBadReadPtr
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
LocalReAlloc
MoveFileExW
MoveFileW
MultiByteToWideChar
ReadConsoleInputW
ReadFile
RemoveDirectoryW
ResumeThread
SearchPathW
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetLocalTime
SetProcessAffinityMask
SetStdHandle
SetVolumeLabelW
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenW

msvcrt

_itow
_pclose
_snwprintf
_stricmp
_vsnprintf
_wchdir
_wcsicmp
_wcslwr
_wcsnicmp
_wcsnset
_wcsupr
_wfopen
_wgetdcwd
_wpopen
_wtoi
bsearch
fclose
fgetws
free
isalnum
isalpha
iswctype
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
rand
realloc
sprintf
strchr
strcmp
strcpy
strcspn
swprintf
toupper
towlower
towupper
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcscspn
wcslen
wcsncat
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcsspn
wcsstr
wcstok
wcstol
wcstoul

user32

LoadStringW
MessageBeep

ntdll

DbgPrint
RtlAssert
vDbgPrintExWithPrefix

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 936KB - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bf3a08b42ea033c5cfa7edf0758d82c

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ntdll

Sections

.text Size: 92KB - Virtual size: 89KB

.data Size: 4KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 9KB

.bss Size: - Virtual size: 77KB

.edata Size: 4KB - Virtual size: 48B

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 936KB - Virtual size: 932KB

.reloc Size: 8KB - Virtual size: 6KB

.rossym Size: 144KB - Virtual size: 143KB

.text
Size: 92KB - Virtual size: 89KB

.data
Size: 4KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 9KB

.bss
Size: - Virtual size: 77KB

.edata
Size: 4KB - Virtual size: 48B

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 936KB - Virtual size: 932KB

.reloc
Size: 8KB - Virtual size: 6KB

.rossym
Size: 144KB - Virtual size: 143KB