nt[.]exe | Triage

General

Target

nt.exe
Size

31KB
MD5

416c43aeb17252ee33048bd1f277d2a5
SHA1

085deb77551f9f6201e5aa352b62cad91c3005e5
SHA256

f46baa1b6227226518e42263e9b4808f81c27d060207df160f9ac64deae4f4f5
SHA512

3155de3fb04f1df246d6cecfa1c89f8ae9963c18be1ce717731ff210ab39d537be01231002a54d4346b4116e3505f387c92dfecc18a80ce7eb99c6d33e5f1f2a
SSDEEP

384:V2xoEQ1hlwZ1GADuwSoDFJqawj0zIjiOURFtk+bn7c/bAxi1I2Y8AVq65zHwP9TG:+l6pGXtk+D7c/N1I2Cq65z60sl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nt.exe

Files

nt.exe
.exe windows:5 windows x86 arch:x86

ee4f39f47003fa082601c87fd03e9ee8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind

kernel32

GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
InterlockedExchange
GetVersionExW
LoadLibraryA
Sleep
GetACP
GetSystemTimeAsFileTime
GetCPInfo
VirtualAlloc
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
VirtualProtect
GetSystemInfo
CloseHandle
GetCurrentThreadId
GetTickCount
lstrlenW
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapReAlloc
GetLastError
HeapFree
GetCurrentProcessId
VirtualQuery
GetOEMCP
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter

user32

wsprintfW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
LsaNtStatusToWinError
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
LsaOpenPolicy
LsaClose

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ee4f39f47003fa082601c87fd03e9ee8

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 10KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 10KB