ln[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ln.exe
Size

88KB
MD5

19a110ffd3b3f88c55f36b6c211ca57f
SHA1

807d74089d5b8161a7281534af4c82c21abd0ec2
SHA256

0b7fb7c374edbb2cbef89575178be8833c4e899ab8fb5dec9a672fa93594d3fa
SHA512

439c59209345f99bd9672185ddd30eb57979778af0705cf9c027df7329624568cb09f4cbfe8e72611d4c7629236a7c8beba6aad4d085255eebbf71a616fc32a5
SSDEEP

1536:m1zzoknEt9gU/BP++FeNelphMnjaeas8X+tiVWz4WFby0WAec9swNTO5OC:uPogEfgEB/FeNeOnjaWg+Vz4IhvNTO5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ln.exe

Files

ln.exe
.exe windows:4 windows x86 arch:x86

758403c3e409239f77fd6aa68b47588d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msys-1.0

__assert
__errno
__main
__mb_cur_max
_ctype_
abort
access
atexit
calloc
closedir
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fflush
fputs
free
getc
getenv
link
lstat
malloc
memcpy
memmove
memset
opendir
pathconf
putc
readdir
readlink
realloc
rename
setlocale
stat
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strrchr
symlink
unlink
vsnprintf

msys-intl-8

__printf__
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_textdomain
libintl_vfprintf

kernel32

GetModuleFileNameA
GetModuleHandleA
GetStdHandle
VirtualProtect
VirtualQuery
WriteFile

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_cy
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 780B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE