otfinfo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

otfinfo.exe
Size

304KB
MD5

ed2b48f4c95760d327d94c28ef877259
SHA1

088bbcc615a51e9538ff5420ca69928110b9292a
SHA256

64f7eca9e22d65832caf5fb92b1b2eee13a2b23ad2f8e191c3c005d174552c44
SHA512

82ad077ff115d072461315dc2db7a7c4852f29a935a58e0e3d179cf4f3e178b3f8d24d5643a1153feeb8dd45abb4a029ba1dec33d4ec962a06455ef42accfa84
SSDEEP

6144:dlUnXn4ps5nTsdE/ycBzM3ev1WAAtHjy1i:jUnX4a5nTsdE/ycKO8DL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
otfinfo.exe

Files

otfinfo.exe
.exe windows:6 windows x86 arch:x86

e05913f0b0e9fb06c3989785aea76ea5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohl
ntohs

kernel32

SetEndOfFile
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
RaiseException
RtlUnwind
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetLastError
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
CreateFileW
HeapSize
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
ReadFile
GetConsoleMode
ReadConsoleW
GetConsoleCP
OutputDebugStringW
SetStdHandle
GetStringTypeW
DecodePointer
FlushFileBuffers
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e05913f0b0e9fb06c3989785aea76ea5

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

kernel32

Sections

.text Size: 207KB - Virtual size: 206KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 9KB - Virtual size: 21KB

.gfids Size: 512B - Virtual size: 300B

.tls Size: 512B - Virtual size: 9B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 9KB - Virtual size: 21KB

.gfids
Size: 512B - Virtual size: 300B

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 13KB - Virtual size: 13KB