chroot[.]exe | Triage

Sharing

General

Target

chroot.exe
Size

20KB
MD5

7f9c92e64acbf5b256caeddae69a28c3
SHA1

b1a6ead824c040bf3663d8a3fb6844adc142fb61
SHA256

323359c2d46444e4fffeac43d5c05d48611e59eb8bc91daecf4775d0510f40b7
SHA512

38ff07ec2986e8049b76925ad7470e4300451d0a2813e07eef05184681cde7a98a9c7345db816f18b137aa0c2bc4670fe4ae092ae0a44a1912da51001f914f35
SSDEEP

384:IQV3p1JtzzhgIC27RQhm79ozau+WR5R1dgda4T5gPOEhQhyPhyqVTx8kZwG:I8vRQhm7mtjRngwuyOEDPhyqVR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chroot.exe

Files

chroot.exe
.exe windows:4 windows x86 arch:x86

c7c5eeb1fde85e6c9dde9a82e15ea1bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msys-1.0

__errno
__main
_ctype_
abort
atexit
calloc
chdir
chroot
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
execvp
exit
fclose
fflush
fputs
free
getenv
malloc
memcpy
memset
putc
realloc
setlocale
strchr
strcmp
strerror
strlen
strncmp
vsnprintf

msys-intl-8

__printf__
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_textdomain
libintl_vfprintf

kernel32

GetModuleFileNameA
GetModuleHandleA
GetStdHandle
VirtualProtect
VirtualQuery
WriteFile

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_cy
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 540B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE