app[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

app.exe
Size

4.4MB
MD5

a6a6273d29cecf465de73ee6d11861c2
SHA1

d3eccd9bb6c17698e726ded7b9f9893a51c5424f
SHA256

5f9c7df75c9a1dd3d35653d404d346acbceb5d588479daeaee5ba37ee92e0dfd
SHA512

f20e942a7f64bcba37a84ee9210f5f9b484b60a6077791c38fb0e0b984d51570a887cdc96d18aeb2503469e767d6e31b4eb32676f07b016aed5af06f88a097c1
SSDEEP

49152:9qxYJWuwdHTjE3czWc6SG+IG/k8i4RjCrnrQJVq9BFAFvHbRC+VFHyY0Cer4TXVX:9KYwJH3nzWvSTIY7jCrj6jbHyYXk9yz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
app.exe

Files

app.exe
.exe windows:5 windows x86 arch:x86

1447faf64e88d8f911285f4f5b2a421c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yejazogepiguviteru.pdb

Imports

kernel32

GetComputerNameA
GetThreadContext
lstrlenA
TlsGetValue
GetDefaultCommConfigW
FreeLibrary
CallNamedPipeA
LoadResource
SystemTimeToTzSpecificLocalTime
DeleteVolumeMountPointA
SetWaitableTimer
SetUnhandledExceptionFilter
InterlockedDecrement
GlobalSize
SetHandleInformation
WriteConsoleInputA
ConnectNamedPipe
CreateNamedPipeW
VirtualFree
EnumTimeFormatsA
WriteFile
GetCommandLineA
SetProcessPriorityBoost
GetPriorityClass
GlobalAlloc
GetVolumeInformationA
GetConsoleMode
SizeofResource
SetVolumeMountPointA
GetSystemTimeAdjustment
LeaveCriticalSection
Beep
GetFileAttributesW
SetTimeZoneInformation
VerifyVersionInfoA
GetBinaryTypeA
SetSystemPowerState
TerminateProcess
FileTimeToSystemTime
DeactivateActCtx
CreateJobObjectA
ReleaseActCtx
GetStdHandle
OpenMutexW
GetLastError
GetCurrentDirectoryW
HeapSize
MoveFileW
GetLocalTime
LoadLibraryA
BuildCommDCBAndTimeoutsW
AddAtomA
SetCommMask
SetSystemTime
GetOEMCP
SetConsoleCursorInfo
DebugSetProcessKillOnExit
LoadLibraryExA
CreateMutexA
VirtualProtect
GetConsoleCursorInfo
GetVersionExA
GetProfileSectionW
CommConfigDialogW
lstrcpyA
DeleteFileA
HeapReAlloc
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
EnterCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapCreate
VirtualAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
IsValidCodePage
MultiByteToWideChar
WideCharToMultiByte
GetConsoleCP
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
CreateFileA
GetModuleHandleA

user32

GetWindowInfo

Exports

Exports

_lifan@8

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 43.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1447faf64e88d8f911285f4f5b2a421c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4.2MB - Virtual size: 43.6MB

.rsrc Size: 89KB - Virtual size: 88KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4.2MB - Virtual size: 43.6MB

.rsrc
Size: 89KB - Virtual size: 88KB