Static task
static1
Behavioral task
behavioral1
Sample
demo.exe
Resource
win11-20231215-en
General
Target: demo.exe
Size: 100KB
MD5: a09ad449bb1a10ad72b11e4dc47f73f2
SHA1: 85c99a1af848d1801ef86db8e287047255278b32
SHA256: cd772b4c6ef010b7b42f0576a31add9c65805337e0239ec3e22cc8232f700888
SHA512: 5d3037c853f0ad0ea92c164a9f794b829fe717ca0dc21aa86910d7b547bb38bd47c47c243fa682f1753b2f41e10ae06163fe29b73526544e03d7717f0aba041c
SSDEEP: 1536:LWiTVwwdrZvEqIV8XAB6QZXbSxKogZ3pha8Q62Km0nCSjcEN0:LWuVwmrZsqIVeAOWK8o+C8+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource demo.exe
Files
demo.exe.exe windows:4 windows x86 arch:x86
5c478fc85ee931fd026bb65961c988e1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
select
__WSAFDIsSet
accept
getpeername
recvfrom
recv
connect
ioctlsocket
socket
setsockopt
bind
listen
closesocket
getsockname
sendto
send
WSAGetLastError
WSAStartup
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
free
memset
memcpy
calloc
strlen
_ftol
rand
strncmp
strcpy
strcmp
strchr
fclose
ftell
fseek
_wfopen
_wstati64
wcscat
strncpy
fread
fwrite
rename
remove
_mkdir
memcmp
memchr
_errno
strtol
atoi
memmove
strrchr
putchar
sscanf
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
kernel32
GetTickCount
Sleep
FindNextFileW
FindClose
WideCharToMultiByte
SetLastError
GetFileAttributesW
FindFirstFileW
MultiByteToWideChar
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE