Trump_Perm[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Trump_Perm.exe
Size

4.0MB
MD5

51e36cb9a286f706eec974442ae01b01
SHA1

c565c8eb9d9b72d801410f4e46f738f964dcd3e9
SHA256

791f1a54fccf2b08670ac2d2ad4dba1b7c53e59c9ac765be7ca3e07162f948ec
SHA512

43227cf149db4a09c6ce6ac6241792d81a4b433d02f4a207409a699972c64ae0fb5df758025ff4e037fe04bed2a68c9fc36ca49548325db5632674ee964bed11
SSDEEP

98304:jhJm4EAohI2OknZnEJvCzFYXKAOKR8Tw3+VZdSj:uC2VSBeFGwwBj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trump_Perm.exe

Files

Trump_Perm.exe
.exe windows:6 windows x64 arch:x64

1d498389450e6498ef9de7e1344f380b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile

user32

ShowWindow

advapi32

CryptGetHashParam

shell32

ShellExecuteA

msvcp140

?always_noconv@codecvt_base@std@@QEBA_NXZ

normaliz

IdnToAscii

wldap32

ord217

crypt32

CertGetCertificateChain

ws2_32

bind

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

_open

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-runtime-l1-1-0

_exit

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-time-l1-1-0

_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.^{}
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oYL
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Q&W
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d498389450e6498ef9de7e1344f380b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: - Virtual size: 404KB

.rdata Size: - Virtual size: 99KB

.data Size: - Virtual size: 3KB

.pdata Size: - Virtual size: 17KB

.^{} Size: - Virtual size: 2.3MB

.oYL Size: 512B - Virtual size: 424B

.Q&W Size: 3.8MB - Virtual size: 3.8MB

.rsrc Size: 200KB - Virtual size: 199KB

.text
Size: - Virtual size: 404KB

.rdata
Size: - Virtual size: 99KB

.data
Size: - Virtual size: 3KB

.pdata
Size: - Virtual size: 17KB

.^{}
Size: - Virtual size: 2.3MB

.oYL
Size: 512B - Virtual size: 424B

.Q&W
Size: 3.8MB - Virtual size: 3.8MB

.rsrc
Size: 200KB - Virtual size: 199KB