tar[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tar.exe
Size

72KB
MD5

250c90d4a6e1c02a32cb4d264bf37574
SHA1

61a4ed0bd049860763d1c92ed8778dabcacecfb5
SHA256

d1a44e5038847f3ec22b899ee3469004f0a5f58afcbf5c920431cad3426b5a38
SHA512

ebcfbfd723ca4f1f97d0d4325117e56e6c811471f29860f7c89707787f1752e634cd4c3483a1bbf0a3de8927712e8db6799cefe0022acfd9aab1281613b3ac2d
SSDEEP

1536:7N71avYFHNqD4gzGft51EtnnXmdBQ5B25eJwKhxDUVT4:7NDgyt5GnWUvJ5xDUVT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tar.exe

Files

tar.exe
.exe windows:4 windows x86 arch:x86

7799009ca19ed3c613eccb670800faef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libarchive-2

archive_compression
archive_compression_name
archive_entry_copy_hardlink
archive_entry_copy_pathname
archive_entry_copy_sourcepath
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_hardlink
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mtime
archive_entry_mtime_nsec
archive_entry_new
archive_entry_nlink
archive_entry_pathname
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_gname
archive_entry_set_pathname
archive_entry_set_size
archive_entry_set_uname
archive_entry_size
archive_entry_sourcepath
archive_entry_stat
archive_entry_strmode
archive_entry_symlink
archive_entry_uid
archive_entry_uname
archive_errno
archive_error_string
archive_file_count
archive_format
archive_format_name
archive_position_compressed
archive_position_uncompressed
archive_read_close
archive_read_data
archive_read_data_into_fd
archive_read_data_skip
archive_read_disk_entry_from_file
archive_read_disk_new
archive_read_disk_set_standard_lookup
archive_read_disk_set_symlink_logical
archive_read_disk_set_symlink_physical
archive_read_extract
archive_read_extract_set_progress_callback
archive_read_finish
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_open_fd
archive_read_open_file
archive_read_set_options
archive_read_support_compression_all
archive_read_support_compression_program
archive_read_support_format_all
archive_read_support_format_gnutar
archive_read_support_format_tar
archive_version
archive_write_close
archive_write_data
archive_write_finish
archive_write_header
archive_write_new
archive_write_open_fd
archive_write_open_file
archive_write_set_bytes_in_last_block
archive_write_set_bytes_per_block
archive_write_set_compression_bzip2
archive_write_set_compression_compress
archive_write_set_compression_gzip
archive_write_set_compression_lzma
archive_write_set_compression_none
archive_write_set_compression_program
archive_write_set_compression_xz
archive_write_set_format
archive_write_set_format_by_name
archive_write_set_format_pax_restricted
archive_write_set_options

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetFileInformationByHandle
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetCurrentDirectoryA
SetCurrentDirectoryW
SetFilePointerEx
SetUnhandledExceptionFilter
Sleep
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_stat
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_close
_errno
_flsbuf
_get_osfhandle
_getcwd
_iob
_isctype
_onexit
_open
_pctype
_read
_setmode
_strdup
abort
atexit
atoi
calloc
exit
fclose
fflush
fopen
fputc
fputs
fread
free
fwrite
getenv
gmtime
iswctype
localeconv
localtime
malloc
mbtowc
memcpy
memmove
realloc
setlocale
signal
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
time
tolower
vfprintf
wcslen
wcsncpy

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7799009ca19ed3c613eccb670800faef

Headers

File Characteristics

Imports

libarchive-2

kernel32

msvcrt

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 1024B - Virtual size: 868B

.rdata Size: 9KB - Virtual size: 9KB

.eh_fram Size: 512B - Virtual size: 228B

.bss Size: - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 1024B - Virtual size: 868B

.rdata
Size: 9KB - Virtual size: 9KB

.eh_fram
Size: 512B - Virtual size: 228B

.bss
Size: - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB