Static task
static1
Behavioral task
behavioral1
Sample
ceshi.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
ceshi.exe
Resource
win10v2004-20240508-en
General
Target
ceshi.exe
Size
5KB
MD5
6bad0d8bd96dc7fa04cbd36fb7cd3cd3
SHA1
7d5599203cec1bec74c909caa5c7b4110c57078b
SHA256
304344761eb9b34d8d3bb22fe8272f68db5f9f9ba6fdcd3619906c13d8a315ee
SHA512
6951de93a3ca8383a7b7ed04c13fd3f26e58ece713d960498e1fc8f810af81012eecd6bba2e239b4dba1e9f8d18248dea56d15b66158162592f12c2601323587
SSDEEP
96:S0Y89xtofS4oguQ7tGPeb4zrYF3XgsttFStNoyn:l2l0+9kYnjtStNoyn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ceshi.exe
Files
ceshi.exe.exe windows:4 windows x86 arch:x86
9f0f5afcd551424789f227c045328a54
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
send
recv
getservbyport
ntohs
gethostbyaddr
gethostbyname
WSAGetLastError
inet_addr
getservbyname
htonl
inet_ntoa
socket
WSASetLastError
htons
connect
WSAStartup
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
exit
strcat
strcpy
free
strtoul
calloc
strlen
strcmp
strncpy
strchr
sprintf
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
kernel32
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAlloc
CreateThread
WaitForSingleObject
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE