Static task: static1
Behavioral task: behavioral1
Sample: tr.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: tr.exe
Resource: win10v2004-20240508-en
General
Target: tr.exe
Size: 38KB
MD5: 0205da079b744eb88b7211e0bac9c4a5
SHA1: 70ea02b0124fc08371c37fecf3899e2674c96f25
SHA256: 87ad62b387d599cebf3908fa068cd334b2e93c76ec0d9dd29bfdf846f5323b0a
SHA512: db1d9575ab59655d1b0d7bd293d5c3aec94db9c1e35dca497c7491f81c0f069910f44a78b75ba5002efcc682b9081cd7a882205fba112a7f5a879b5dffda3cfa
SSDEEP: 768:poqErevlzUJUB14iBGEGIf/kIw+ddVUBsOG/OOPhyqVt:pRkklzqUB14mjwQdKBE/O
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource tr.exe
Files
tr.exe.exe windows:4 windows x86 arch:x86
b359ffd24e9aac9c60ec8662505ba15c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msys-1.0
__assert
__errno
__main
_ctype_
abort
atexit
calloc
close
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fflush
fputs
free
fwrite
getenv
malloc
memcpy
memset
putc
read
realloc
setlocale
strchr
strcmp
strerror
strlen
strncmp
vsnprintf
msys-intl-8
__printf__
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_sprintf
libintl_textdomain
libintl_vfprintf
kernel32
GetModuleFileNameA
GetModuleHandleA
GetStdHandle
VirtualProtect
VirtualQuery
WriteFile
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data_cy Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE