a[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

a.exe
Size

89KB
MD5

978e38614414f72d859df197564f26d1
SHA1

07fe2b7f425ac6bf6603071a4614c96d4726cbe2
SHA256

0e9aa9c90d050ebc573d9bc251e45eb3ddc5c863f40bdc91fc4544468fc92ca1
SHA512

ff7bd888c81a096c022df99091395515dc00186be981db5e8c884ba9cf2f2872595bb95cec29117aedfa4f37b918b7e232ac3720287a3c2c34302b21190e20eb
SSDEEP

1536:UWU22g2ecavjohjkvjAujQfAjwp2LAPTYTZss4H7lwNOVYEpWC85RN8uQd7FGTNd:UWU2NtsxblwUA9EwTNTB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a.exe

Files

a.exe
.exe windows:6 windows x86 arch:x86

3bdda3a5a5ce3058a9e91cd89dd486a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

libc++

_ZNKSt3__16locale9use_facetERNS0_2idE
_ZNKSt3__18ios_base6getlocEv
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6__initEjc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEED1Ev
_ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE3getEv
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE3putEc
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE5flushEv
_ZNSt3__13cinE
_ZNSt3__14coutE
_ZNSt3__15ctypeIcE2idE
_ZNSt3__16localeD1Ev
_ZNSt3__18ios_base33__set_badbit_and_consider_rethrowEv
_ZNSt3__18ios_base5clearEj
_ZSt18uncaught_exceptionv
_ZSt9terminatev
__cxa_begin_catch
__cxa_end_catch
__gxx_personality_v0

libunwind

_Unwind_Resume

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-private-l1-1-0

memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strcmp
strlen
strncmp

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gcc_exc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/66
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bdda3a5a5ce3058a9e91cd89dd486a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libc++

libunwind

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 512B - Virtual size: 248B

.00cfg Size: 512B - Virtual size: 4B

.eh_fram Size: 1024B - Virtual size: 700B

.gcc_exc Size: 512B - Virtual size: 160B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 780B

/4 Size: 5KB - Virtual size: 5KB

/18 Size: 2KB - Virtual size: 1KB

/31 Size: 17KB - Virtual size: 17KB

/43 Size: 9KB - Virtual size: 8KB

/55 Size: 4KB - Virtual size: 4KB

/66 Size: 512B - Virtual size: 264B

/80 Size: 16KB - Virtual size: 15KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 512B - Virtual size: 248B

.00cfg
Size: 512B - Virtual size: 4B

.eh_fram
Size: 1024B - Virtual size: 700B

.gcc_exc
Size: 512B - Virtual size: 160B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 780B

/4
Size: 5KB - Virtual size: 5KB

/18
Size: 2KB - Virtual size: 1KB

/31
Size: 17KB - Virtual size: 17KB

/43
Size: 9KB - Virtual size: 8KB

/55
Size: 4KB - Virtual size: 4KB

/66
Size: 512B - Virtual size: 264B

/80
Size: 16KB - Virtual size: 15KB