CGI[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CGI.exe
Size

9.0MB
MD5

963abbb76028ef9d225920333a523cd0
SHA1

1791f1a2bdd56a78c808093fedb1ccad8abf657a
SHA256

852ef77a13314f9ffacd3bf1f481bb7173e411b3b0b5a47bcc1dc256aedcca07
SHA512

aab26ae31f7d338104242cafe90d45a378b26482539fef59ac75aef894a5a007ea4eee92667ff0e6e4972e21f094aaff3881274d6e20d6ae35aef9a3d6d4d4f2
SSDEEP

196608:fezpBIQcJd4dZM5g5lI7lA7OvdOKoLxeb/h2st:epMt5eHiL8eb/h2s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CGI.exe

Files

CGI.exe
.exe windows:4 windows x86 arch:x86

c086bc9de3d34586f34c04e4345dd520

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrW

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_

Sections

.MPRESS1
Size: 8.9MB - Virtual size: 21.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE