df[.]exe | Triage

General

Target

df.exe
Size

45KB
MD5

60c4e1ec550867a0f921b2936ee3ccaa
SHA1

44824f5bc5cc12c599f37a2b5bd122bb0fd6570a
SHA256

8d10e6f6b780e92b9acff8c7810fc3276e987c8f4db53e400512250f8d8fd1d8
SHA512

186b64f2b1827096aee03087de5af562d71fa0ef97602fe779437b1a81263754ffea10547817f58414fa4194361afebad7a542406910b139664b5218865038df
SSDEEP

768:sJ0BjNR4D6ELO8P3/ePGcUAQuMzIzUROh1MSAUwOFH2lHc220gwRH8Oz5PhyqVTe:sJi5gwxqOsOh1MQ9Zwt8Oz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df.exe

Files

df.exe
.exe windows:4 windows x86 arch:x86

0e6baf12fac2b4bcdeb210d964924029

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msys-1.0

__assert
__errno
__main
_ctype_
abort
atexit
calloc
chdir
close
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
endmntent
exit
fchdir
fclose
fflush
fputs
free
getcwd
getenv
getmntent
localeconv
lstat
malloc
memchr
memcpy
memmove
memset
open
opendir
putc
readlink
realloc
rmdir
setlocale
setmntent
stat
statfs
strcat
strchr
strcmp
strerror
strlen
strncmp
strspn
strstr
strtoul
sync
unlink
vsnprintf

msys-intl-8

__printf__
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_sprintf
libintl_textdomain
libintl_vfprintf

kernel32

GetDriveTypeA
GetModuleFileNameA
GetModuleHandleA
GetStdHandle
VirtualProtect
VirtualQuery
WriteFile

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_cy
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 748B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e6baf12fac2b4bcdeb210d964924029

Headers

File Characteristics

Imports

msys-1.0

msys-intl-8

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 6KB - Virtual size: 5KB

.data_cy Size: 512B - Virtual size: 4B

.bss Size: - Virtual size: 748B

.idata Size: 2KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 5KB

.data_cy
Size: 512B - Virtual size: 4B

.bss
Size: - Virtual size: 748B

.idata
Size: 2KB - Virtual size: 1KB