file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

2.2MB
MD5

b83892a6b3fd23cbbe7bf63f12a6dd2f
SHA1

472b8d9a6026e033cafb32a8a22572a24ef01e0b
SHA256

f1d145c45cb37752679e4e8c80ccdeb720223d38925716d5e06be9699497432d
SHA512

d99e6bdccb0217be5d46904a32fa18b911f14fb938410c66efdc0e91f6be839b31ffac4d11009da1314fe37c38d3b1c40b7fe2716a22c92841b58b78bd1fb339
SSDEEP

49152:SpUFEv6HthBElrpC6LrM1oZJq1yninm9fpP:SpB9JffpP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.exe

Files

file.exe
.exe windows:6 windows x64 arch:x64

486478ba3cb59042106d68cde77416c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
GetStdHandle
SetStdHandle
SetCurrentDirectoryW
CreateFileW
FindFirstFileExW
FindNextChangeNotification
FindNextVolumeW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetFileType
GetFileTime
GetFullPathNameW
GetTempFileNameW
LockFileEx
ReadFile
SetFilePointer
GetVolumeNameForVolumeMountPointW
AreFileApisANSI
EncodePointer
DecodePointer
EncodeSystemPointer
DecodeSystemPointer
SetHandleInformation
SetLastError
DisconnectNamedPipe
PeekNamedPipe
GetNamedPipeInfo
GetNamedPipeHandleStateW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapCreate
CreateIoCompletionPort
PostQueuedCompletionStatus
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexW
CancelWaitableTimer
WaitForMultipleObjects
GetProcessTimes
GetExitCodeProcess
GetThreadPriorityBoost
GetThreadPriority
GetProcessVersion
SetPriorityClass
GetPriorityClass
GetProcessId
GetThreadContext
FlushInstructionCache
GetThreadTimes
OpenProcess
GetProcessHandleCount
GetProcessPriorityBoost
SetProcessPriorityBoost
GetThreadIOPendingFlag
SetSystemTimeAdjustment
CreateFileMappingW
FlushViewOfFile
SetProcessWorkingSetSize
GetWriteWatch
ResetWriteWatch
CreateMemoryResourceNotification
IsProcessInJob
AssignProcessToJobObject
SetInformationJobObject
DisableThreadLibraryCalls
LoadLibraryA
GetModuleFileNameA
GetModuleFileNameW
LockResource
GlobalUnlock
GlobalCompact
GlobalUnfix
GlobalUnWire
LocalUnlock
LocalShrink
LocalCompact
GetProcessAffinityMask
GetProcessIoCounters
ConvertFiberToThread
CreateFiberEx
CreateFiber
ConvertThreadToFiber
PulseEvent
GlobalDeleteAtom
InitAtomTable
SetHandleCount
SetMessageWaitingIndicator
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommMask
GetCommModemStatus
GetCommTimeouts
TransmitCommChar
GetTapePosition
PrepareTape
EraseTape
CreateTapePartition
WriteTapemark
GetTapeStatus
MulDiv
GetMailslotInfo
SetMailslotInfo
lstrcatW
GetNamedPipeHandleStateA
MapUserPhysicalPagesScatter
GetNumaNodeProcessorMask
GetStringTypeExW
GetCurrencyFormatW
GetSystemDefaultLCID
FillConsoleOutputCharacterW
SetConsoleCP
GetConsoleWindow
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeResource
GetModuleHandleA
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
RtlPcToFileHeader
WriteFile

user32

EnumPropsW
ToUnicodeEx
SetWindowPos
ToUnicode
KillTimer
GetGUIThreadInfo
EnumDisplaySettingsW
GetProcessDefaultLayout
GetCaretBlinkTime
GetClipCursor
GetDlgItem
SwitchToThisWindow
DrawTextW
DrawIcon
DragDetect
GetMenuItemInfoW

winspool.drv

AbortPrinter
ScheduleJob
FindFirstPrinterChangeNotification
WritePrinter

advapi32

DecryptFileW

shell32

SHPathPrepareForWriteW
ord176
ord6
ord75
ord88
ord644
ord2
SHChangeNotify
SHGetDesktopFolder
SHBrowseForFolderW
ord23
ord21
ord16
ord18
SHSetLocalizedName
ord180
SHGetDiskFreeSpaceExW
SHFileOperationW
ExtractIconW
DuplicateIcon
DragQueryPoint

magnification

MagGetFullscreenColorEffect

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 326KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

486478ba3cb59042106d68cde77416c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

magnification

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 272KB - Virtual size: 272KB

.data Size: 326KB - Virtual size: 342KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 272KB - Virtual size: 272KB

.data
Size: 326KB - Virtual size: 342KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB