sdiff[.]exe | Triage

General

Target

sdiff.exe
Size

32KB
MD5

bfa5fc7a7e796d4025a46eac5921aa25
SHA1

9e8f2b0cb80521056635a7ac2ad0143e426d2b8e
SHA256

0dac678075b1744c2a2f0d944c9e983dcf5faa67315a568485bd7672ec13dc0e
SHA512

44fc7a3031575175d110e4d972c08bbeade7b58d6861e89f90d4ba26080330d82c2a46cecad2655978f1b769db86a20dccd1d8c474a5bd01fae9981d962ed3bb
SSDEEP

768:L9+81407QTRdHJ8pcXxBoc0nxozYwLbTYLsOdPFVyqgdM:LZ14cmJ8pcXxBoc0xjwpOs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sdiff.exe

Files

sdiff.exe
.exe windows:4 windows x86 arch:x86

8cfe9cc8e6fd02c53c20491aa44c1c52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msys-1.0

__errno
__main
_ctype_
_exit
abort
calloc
close
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
dup2
execvp
exit
fclose
fcntl
fdopen
fflush
fopen
fputs
fread
free
fwrite
getc
getenv
getpid
kill
malloc
memchr
memcpy
memset
mkstemp
pipe
putc
puts
raise
realloc
setlocale
sigaction
sigaddset
sigemptyset
signal
sigprocmask
sprintf
stat
strchr
strcmp
strerror
strlen
strncmp
unlink
vfork
vsnprintf
waitpid
write

msys-intl-8

__printf__
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_sprintf
libintl_textdomain
libintl_vfprintf

kernel32

GetModuleFileNameA
GetModuleHandleA
GetStdHandle
VirtualProtect
VirtualQuery
WriteFile

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_cy
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 580B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8cfe9cc8e6fd02c53c20491aa44c1c52

Headers

File Characteristics

Imports

msys-1.0

msys-intl-8

kernel32

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 5KB

.data_cy Size: 512B - Virtual size: 4B

.bss Size: - Virtual size: 580B

.idata Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 5KB

.data_cy
Size: 512B - Virtual size: 4B

.bss
Size: - Virtual size: 580B

.idata
Size: 2KB - Virtual size: 1KB