demo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

demo.exe
Size

204KB
MD5

db6b19230795abeaa537825d2945354b
SHA1

87a7cca23962c56e931c897c137cbc3781481199
SHA256

64de8d55278c5d9c75e30e48a983e415e3aa0b6b0a2c198eb0f77292bec31722
SHA512

ff0a828b7f787b57bb252c21b0e6c3180480502fc5092f93335afaf7618747155055860fc4075a599bfdf50229de4c889a5e3b836e28a71a8cb93318a6b5ff6f
SSDEEP

3072:h3VhjbJz5EB+tcZljNEc1vk5eaiAB9yVZXMy08wRSVr+:h3Vhpz5k+tcZ/l1vk5eWB9By04VS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
demo.exe

Files

demo.exe
.exe windows:4 windows x86 arch:x86

41fd0ee64464f38e49522b3ebe5be36e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

select
__WSAFDIsSet
accept
getpeername
recvfrom
recv
connect
ioctlsocket
socket
setsockopt
bind
listen
closesocket
getsockname
sendto
send
WSAGetLastError
WSAStartup

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
free
memset
memcpy
calloc
strlen
_ftol
rand
strncmp
strcpy
strcmp
strchr
fclose
ftell
fseek
_wfopen
_wstati64
wcscat
strncpy
fread
fwrite
rename
remove
_mkdir
memcmp
memchr
_errno
strtol
atoi
memmove
strrchr
putchar
sscanf
srand
_strdup
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr

kernel32

GetTickCount
Sleep
FindNextFileW
FindClose
WideCharToMultiByte
SetLastError
GetFileAttributesW
FindFirstFileW
MultiByteToWideChar

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE