replace-files-with-itself[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

replace-files-with-itself.exe
Size

48KB
MD5

06152a15ef7d211eeb058efb3d16a6a3
SHA1

4e1b3f3605696ef89d7c0fb02ea23707b7a78009
SHA256

a4a6cdc88edc8ab135f80786772afe9da45c50f3d53756e17dc5f03959f39674
SHA512

48756e0c08d002ee4d8e16d32aef3d5866df583f720a5db8a69dd467f56edae3905dd7145c34600d41dc2f4409948d8b78c7f609722fd3364e36daf74086c079
SSDEEP

768:KzZJBLsfjCO84r1xDoTkFyimov2zHjJZUJvjfBKvwcCUmi7Kd:IjpKxPoTkFyiBv2zH47Ko

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
replace-files-with-itself.exe

Files

replace-files-with-itself.exe
.exe windows:6 windows x86 arch:x86

70e2cc9fc56dabf5affa710619151606

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapReAlloc
GetCommandLineW
SetLastError
GetModuleFileNameW
GetLastError
WaitForSingleObject
CopyFileExW
DeleteFileW
CloseHandle
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetFullPathNameW
CreateFileW
SetFileInformationByHandle
GetModuleHandleW
FormatMessageW
AcquireSRWLockExclusive
ExitProcess
GetProcessHeap
HeapAlloc
MoveFileExW
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

user32

MessageBoxW

ntdll

NtWriteFile
NtReadFile
RtlNtStatusToDosError

vcruntime140

_except_handler4_common
__current_exception_context
memcpy
memmove
memset
__current_exception

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_exit
_seh_filter_exe
exit
_cexit
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_set_app_type
_initterm
__p___argv
_initterm_e
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70e2cc9fc56dabf5affa710619151606

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB