file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

6.9MB
MD5

69ba37af776e9bc6d82b92622b643f9d
SHA1

82cac280f4330ad49436eadc6ae783ad0f6e437a
SHA256

63f30d7f027b58f513b600e27d0120b86041d5fa11134baae00d782c678fa5d2
SHA512

f836731f1d61f2f02024c9938e64fd6e3eb88c0a8f3505427bbbb3f8bc52f297ba5697b2865278c62b6c9472cfc8ef40e222db9f2147c4bbedf8f508e54161d8
SSDEEP

98304:G52m9gOdlluTw+at0E7IuShzwxqsf+8VdMPG5oWjAa9Y7VGUcSPhpCLw/Z5ZBbd:y6OdM9CKtsf/eu9jAF71cqjFT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.exe

Files

file.exe
.exe windows:6 windows x86 arch:x86

057f073470405518f73f377511b70458

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDC
CharUpperBuffW

gdi32

BitBlt

Sections

.text
Size: - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ