1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

393KB
MD5

0f58955700a934efece7eacadcefc950
SHA1

047b4243a2f1d2894ea4653f166581e871b63639
SHA256

ca0e2e53c24c4339d25101161f12eade64bb8d0624689aff35928ca6cbd3fc2f
SHA512

2ac316f764e88187b4481db08ea1f4fea5caa996d6c2dc6227e21a3db6a2682ed275b8882fe9647eb81630d4a48b09a238603cf0d60036f27f1f2083436f074b
SSDEEP

6144:u4gewv2/ezt5sgbtmSt2LlYXge9A31HlsJ+3nGODyxC245t07gLTT0XK9e+h:uPv2WzTsgbt/YlyveHlso3nzKCrq7gL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.exe

Files

1.exe
.exe windows:6 windows x86 arch:x86

6a06d1fa38af061b6a93049c91c70ea8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
ExitProcess

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW
SelectObject

user32

GetDC
ReleaseDC

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ