Static task: static1
Behavioral task: behavioral1
Sample: demo (1).exe
Resource: win11-20231222-en
General
Target: demo (1).exe
Size: 204KB
MD5: 9ff0f2eb48cbafcc04b03ec1daba1f3e
SHA1: 4d6cbd1c53b00888cb103f724de95ff5794490e4
SHA256: d91716693ea5d76668084de7a089c8c0074dab1f28ed6c23742189b187f68192
SHA512: 263116c4e2df14067d21a3c013ad645576cc9431b50351bf60b32a178aa61e7e3a8f9083680b3f9e9ccc49802b9c910b51f8046f0df3cc972af31d56ce136361
SSDEEP: 3072:Y3VhjbJz5EB+tcZljNEc1vk5eaiAB9yVZXMy08wRSVr+:Y3Vhpz5k+tcZ/l1vk5eWB9By04VS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource demo (1).exe
Files
demo (1).exe.exe windows:4 windows x86 arch:x86
41fd0ee64464f38e49522b3ebe5be36e
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32: select, __WSAFDIsSet, accept, getpeername, recvfrom, recv, connect, ioctlsocket, socket, setsockopt, bind, listen, closesocket, getsockname, sendto, send, WSAGetLastError, WSAStartup
msvcrt: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, free, memset, memcpy, calloc, strlen, _ftol, rand, strncmp, strcpy, strcmp, strchr, fclose, ftell, fseek, _wfopen, _wstati64, wcscat, strncpy, fread, fwrite, rename, remove, _mkdir, memcmp, memchr, _errno, strtol, atoi, memmove, strrchr, putchar, sscanf, srand, _strdup, _exit, _XcptFilter, exit, __p___initenv, __getmainargs, _initterm, __setusermatherr
kernel32: GetTickCount, Sleep, FindNextFileW, FindClose, WideCharToMultiByte, SetLastError, GetFileAttributesW, FindFirstFileW, MultiByteToWideChar
Sections
.text (Size: 84KB, Virtual size: 83KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 104KB, Virtual size: 102KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 12KB, Virtual size: 10KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE