ps[.]exe | Triage

Sharing

General

Target

ps.exe
Size

1.3MB
MD5

6ad7f3d890850bf10b6df93767f5ba2a
SHA1

d92f2bff12276cd7373eaa85b66f2bccec33789f
SHA256

be646e0f5ca62c539477fec884f9657c0e23cf18ae3d5547ed9dd999a022a608
SHA512

33570759c5d2793fd4d55db9707654e0aec8b3178b076c2b9511c5d93b81911875085a98dc0229b44261759ac01da5b83c4563e05653469a280b9ecc98672124
SSDEEP

12288:nSVbo4iZFvA9hUMoqkrscTks8refhZVKQPV5gEu2gqDlqGbBUTXrBVT7VNA9Rsx+:nSVEfhDl4rcRs3o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ps.exe

Files

ps.exe
.exe windows:4 windows x86 arch:x86

e383d15fdaf1d3cd9aaef4feaca54b2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msys-1.0

__main
abort
atoi
calloc
ctime
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
free
getpwnam
getpwuid
getuid
malloc
memcpy
memset
printf
puts
realloc
sprintf
strcasecmp
strcmp
strcpy
strlen
strncmp
strncpy
strrchr
time
vsnprintf

kernel32

CloseHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessTimes
GetStdHandle
GetVersionExA
LoadLibraryA
OpenProcess
VirtualProtect
VirtualQuery
WriteFile

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_cy
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ