WinXP[.]Horror[.]Peacful[.]exe | Triage

Sharing

General

Target

WinXP.Horror.Peacful.exe
Size

54.9MB
MD5

b1940cff31a3a1f51d6eb4492657be9b
SHA1

2562282b0538fb8647621b29435d19c757d7b309
SHA256

556444ff1fee8aa32d1418c409535909c3c0cb0adaa87488ca0c03ee3b5e8006
SHA512

81b6d263dfe65ccc702bcb85feee6c1f1c78c4a2cb62c3a52c6dd520511297d773fa4dca471132df1f1e3fd1a6fb00851ec4670c48df44572990553f54f4c77c
SSDEEP

1572864:2j6L5PLk/mBnyKOYl39GFpFEujFMm+B997DaNHN1oS72fnD9hRzZ01tO0DpvrvF6:26dzV9GLFEujFMm+B997DaNHN1oS72fv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WinXP.Horror.Peacful.exe

Files

WinXP.Horror.Peacful.exe
.exe .js windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54.4MB - Virtual size: 54.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ