Win32[.]Triton

Sharing

Copy URL Twitter E-mail

General

Target

Win32.Triton
Size

84KB
MD5

1904cad4927541e47d453becbd934bf0
SHA1

aafa932eda97859e2b72772a3a8581760e860a46
SHA256

70efbd074326e7bbd4e851ded5c362fe5fe06282ed4bbb4b9f761f1b12ee32f7
SHA512

c8566ffcbc6d32a727048505c89ff1cbc9c4a085d52ee9fece7242b5dde21fbfd68d57b75e0b0669f078a6ab0497e3499f4bad8037969f6cd3ceec2eb4d543b6
SSDEEP

1536:KpLqZAkSUTNpXYeelvo3jXHRvTI3QLkPJhzkMdjFA4DQh:KR3URpuordTaQL2hRdJJQh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Win32.Triton

Files

Win32.Triton
.exe windows:5 windows x86 arch:x86

31962d1d3840fce82041426cd85537d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrA
PathFindFileNameW

kernel32

HeapFree
FlushFileBuffers
Sleep
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
TerminateProcess
CloseHandle
TerminateJobObject
GetLastError
CreateProcessW
SetHandleInformation
CreatePipe
AssignProcessToJobObject
CreateJobObjectW
DeleteFileW
ReadProcessMemory
ReadFile
GetFileSize
CreateFileW
GetFileAttributesW
WriteFile
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
PeekNamedPipe
GetExitCodeProcess
GetTickCount
CreateEventA
WaitForMultipleObjects
CancelIo
GetOverlappedResult
ResetEvent
CreateNamedPipeA
GetNamedPipeInfo
CreateFileA
DisconnectNamedPipe
ConnectNamedPipe
GetCurrentProcess
GetProcAddress
GetModuleHandleA
WriteConsoleW
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetStartupInfoW
HeapAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

shell32

ShellExecuteW

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

31962d1d3840fce82041426cd85537d3

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

shell32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 11KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB