Static task: static1
Behavioral task: behavioral1
Sample: demo (2).exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: demo (2).exe
Resource: win10v2004-20231222-en
General
Target: demo (2).exe
Size: 100KB
MD5: d82b18f77a0b3f3aee78ec5bbe6beae6
SHA1: 5621583001f8fc85db8402dfb6c13b83adffef3c
SHA256: bfa22391cb22e012c68bc152a4ff753589d022b0cd7c9d93e669e0f6911d5150
SHA512: 56a83ec98ab30d43de8ee1e419ad920431e981ed705aaf75b72be17111e6fd812d143ce33f835d2a3f60dadc0ae796cf099e7774815b364bbeafae662a830e91
SSDEEP: 1536:eGNKbTYKKdjJBLgYRIltJIx6bYdKogZ3phEckWVKLw9APN0:eGoHYKYjJBLgYRIexvSUc99++
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource demo (2).exe
Files
demo (2).exe.exe windows:4 windows x86 arch:x86
5c478fc85ee931fd026bb65961c988e1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
select
__WSAFDIsSet
accept
getpeername
recvfrom
recv
connect
ioctlsocket
socket
setsockopt
bind
listen
closesocket
getsockname
sendto
send
WSAGetLastError
WSAStartup
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
free
memset
memcpy
calloc
strlen
_ftol
rand
strncmp
strcpy
strcmp
strchr
fclose
ftell
fseek
_wfopen
_wstati64
wcscat
strncpy
fread
fwrite
rename
remove
_mkdir
memcmp
memchr
_errno
strtol
atoi
memmove
strrchr
putchar
sscanf
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
kernel32
GetTickCount
Sleep
FindNextFileW
FindClose
WideCharToMultiByte
SetLastError
GetFileAttributesW
FindFirstFileW
MultiByteToWideChar
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE