Static task: static1
Behavioral task: behavioral1
  Sample: zg6tjcsk7gj.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: zg6tjcsk7gj.exe
  Resource: win10v2004-20231222-en
General
Target: zg6tjcsk7gj.exe
Size: 1.7MB
MD5: a33806f282f36b29aa8613305194becb
SHA1: bd7fab6796f41cd9bb55f727782852102b17286c
SHA256: a145d7e1ffd47e4412bf2cad636253c444077078dc770473860f875e08a56767
SHA512: 193f718d4d9eb2e7dbf178a319adc99cc3109a95542763c92caec05d7176b728bc06c0fd0d9c19d8c748168a1aaf13792bad14fdc6649d496912f1c7755cc446
SSDEEP: 49152:xvI6SglMiYkk0TRkWGFIyca6KBDbEQXGQO1:Lk0TxQcafhEQXGQO1
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: zg6tjcsk7gj.exe
Files
zg6tjcsk7gj.exe.exe windows:6 windows x64 arch:x64
  64216e759b0d83c178b41cd647fa4aff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlGUIDFromString
RtlAllocateHeap
RtlGetVersion
RtlInitUnicodeString
NtQuerySystemInformation
kernel32
ExitProcess
GetCurrentProcess
GetStdHandle
WriteFile
SetConsoleMode
GetModuleFileNameW
GetFirmwareEnvironmentVariableA
CreateFileW
GetConsoleMode
GetLastError
SetFileInformationByHandle
ReadConsoleInputA
GlobalAlloc
GlobalFree
CloseHandle
GetCommandLineA
GetProcessHeap
Sleep
user32
SetClipboardData
wvsprintfA
EmptyClipboard
CloseClipboard
OpenClipboard
MessageBoxA
advapi32
AdjustTokenPrivileges
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExW
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ