fold[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fold.exe
Size

23KB
MD5

49910472018d7630a65001b988c8ccbf
SHA1

aa1b09b2405b33eb2490dba16d7d1363cfa04a4f
SHA256

36f49c325c01dfe8480ebf1a04b5c9e83b6428d8105c523d436e628e23025ef0
SHA512

07c9f4e671fad0c40e4f18d16047514e3586b1ec6222aea2329257944ead877935ac4df763230b24bea382fd747080cf687d1e5114a70dc7858f7c0ae3a2337b
SSDEEP

384:b8NAhd0zOMIm4koA8Joza21eLhGsgdagjBuRDOqQhyPhyqVbirvyZhwG:HtA8qbeLhGsgwmUDOOPhyqVZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fold.exe

Files

fold.exe
.exe windows:4 windows x86 arch:x86

f758c2adcdf131a3af36b8581a5e4931

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msys-1.0

__assert
__errno
__main
_ctype_
abort
atexit
calloc
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fflush
fopen
fputs
free
fwrite
getc
getenv
malloc
memcpy
memmove
memset
putc
realloc
setlocale
strchr
strcmp
strerror
strlen
strncmp
strtoul
vsnprintf

msys-intl-8

__printf__
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_textdomain
libintl_vfprintf

kernel32

GetModuleFileNameA
GetModuleHandleA
GetStdHandle
VirtualProtect
VirtualQuery
WriteFile

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_cy
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 620B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE