Static task
static1
General
Target: 868.exe
Size: 9KB
MD5: 7b62da1a65ffc31c55da778b276ad1e2
SHA1: 467f0654f9b9888b4cfab99fbcdaa7661007f2d8
SHA256: 6f293f095e960461d897b688bf582a0c9a3890935a7d443a929ef587ed911760
SHA512: 351468bc08d189eaa550200c6470e0716e6143c88ff715ade742a356b23a16784623281734eccf71242bff639a0120e144d634dc5a108c3a34667cf88fec6b6e
SSDEEP: 192:CfiRZmg3bAyrWbw1hMap10ROM64h/c+ggUTIRlwl/+XEB:qiayabwUawRd64h/cOESl2EE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 868.exe
Files
868.exe.exe windows:5 windows x86 arch:x86
2eeb9e4f6cd432901b60b83fbf9f02cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenProcess
ExitProcess
WaitForSingleObject
SetUnhandledExceptionFilter
SetErrorMode
CloseHandle
GetCurrentProcess
CreateThread
TerminateProcess
VirtualProtect
GetModuleHandleW
GetCurrentThreadId
GetTickCount
lstrcpyW
lstrlenW
GetProcAddress
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
user32
wsprintfW
Sections
.verif Size: - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bin Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ