abs[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

abs.exe
Size

76KB
MD5

c9f3d577b33099093bbe8796afb8d65b
SHA1

1105e57ac9e5e04ae789f647b9b4c5f4ab3a84fb
SHA256

27b39be0abaaa426e858a07de8a9c5ad86941071c72fd07ec640b0a5d995f532
SHA512

240ba8807417bba401ac7664c344f37d0835b3320eb5885b9220f360af47030121320157e8c7fc9791bee0f1f4c4a725ac02a96e2cff8c30d82a7e6ceebc39a2
SSDEEP

1536:kq1wGtRbl1UsNqEtl8SIl2cuWtUmi0ADA0NE8QskqB3:X19/pust/Il2cCmB0NE8Qsv3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abs.exe

Files

abs.exe
.exe windows:4 windows x86 arch:x86

5c61dd5f77c0001c8047750dc5fa9950

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ssleay32

ord78
ord96
ord48
ord75
ord83
ord86
ord108
ord60
ord154
ord33
ord125
ord58
ord127
ord128
ord61
ord130
ord129
ord38
ord40
ord166
ord98
ord110
ord113
ord116
ord172
ord74
ord183
ord15
ord6
ord12
ord286

libeay32

ord251
ord86
ord83
ord198
ord1010
ord654
ord641
ord1653
ord1654
ord652
ord657
ord585
ord653
ord25
ord7
ord3820
ord3903
ord84
ord55
ord3902
ord469
ord250

msvcrt

wcsncmp
wcslen
wcscpy
strerror
modf
strspn
__p__environ
__p__wenviron
_errno
strncmp
strstr
strncpy
srand
rand
_ftol
fopen
perror
fclose
qsort
fflush
calloc
printf
atoi
_isctype
exit
__mb_cur_max
_pctype
strchr
fprintf
_iob
free
realloc
malloc
strrchr
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
time
_strdup
_strnicmp
_getpid

kernel32

GetSystemTimeAsFileTime
PeekNamedPipe
ReadFile
GetOverlappedResult
WriteFile
LoadLibraryA
GetProcAddress
GetVersionExA
GetExitCodeProcess
TerminateProcess
LeaveCriticalSection
SetEvent
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetFileInformationByHandle
GetFileType
LocalFree
CreateFileW
CreateFileA
SetFilePointer
GetStdHandle
SetStdHandle
CreateEventA
WaitForSingleObject
GetLastError
FormatMessageA
Sleep
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetTimeZoneInformation
FileTimeToSystemTime
CloseHandle
SetHandleInformation
GetCurrentProcess
DuplicateHandle
TlsFree
TlsAlloc
GetCommandLineW
GlobalFree
GetEnvironmentStringsW
FreeEnvironmentStringsW

advapi32

FreeSid
AllocateAndInitializeSid

wsock32

getsockopt
connect
htons
gethostbyname
ntohl
inet_ntoa
setsockopt
socket
WSAGetLastError
ioctlsocket
select
__WSAFDIsSet
WSAStartup
WSACleanup
closesocket

ws2_32

WSARecv
WSASend

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c61dd5f77c0001c8047750dc5fa9950

Headers

File Characteristics

Imports

ssleay32

libeay32

msvcrt

kernel32

advapi32

wsock32

ws2_32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 1KB