svchost.pdb
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20240802-en
General
Target: file.exe
Size: 26KB
MD5: c78655bc80301d76ed4fef1c1ea40a7d
SHA1: 619652b42afe5fb0e3719d7aeda7a5494ab193e8
SHA256: 93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8
SHA512: ebc9242cd81cf493e7b0358b32f9e658e10b68a3df6122e5ff1cba22020404758ba7514fa0a54ead090aa10af4d2c21ebb153a70a62a63519b69b5a133011bcd
SSDEEP: 768:vWkX7q+f5TYvVeZMmn+0C4xirEbvK/PK:vX5fhuZE5ZvK/PK
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Resource: file.exe
Files
file.exe.exe windows:6 windows x64 arch:x64
a72a57a50050874d785495b82d201cf8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
memcpy
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
memset
ntdll
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlFreeHeap
RtlCopySid
RtlAllocateHeap
RtlInitializeSid
RtlSubAuthorityCountSid
EtwEventWrite
RtlImageNtHeader
EtwEventRegister
RtlUnhandledExceptionFilter
EtwEventEnabled
RtlSetProcessIsCritical
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitializeCriticalSection
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
kernel32
LocalAlloc
CloseHandle
LocalFree
ExpandEnvironmentStringsW
WideCharToMultiByte
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
ExitProcess
GetCommandLineW
SetErrorMode
LoadLibraryExW
GetProcessHeap
CreateActCtxW
InitializeCriticalSection
ActivateActCtx
RegQueryValueExW
LeaveCriticalSection
lstrcmpW
lstrlenW
DeactivateActCtx
ReleaseActCtx
EnterCriticalSection
SetProcessAffinityUpdateMode
RegisterWaitForSingleObjectEx
RegOpenKeyExW
lstrcmpiW
HeapSetInformation
RegDisablePredefinedCacheEx
RegCloseKey
LCMapStringW
HeapFree
HeapAlloc
api-ms-win-security-base-l1-1-0
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AddAccessAllowedAce
GetLengthSid
InitializeAcl
api-ms-win-service-core-l1-1-0
SetServiceStatus
StartServiceCtrlDispatcherW
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
rpcrt4
RpcServerUnregisterIf
RpcServerUseProtseqEpW
I_RpcMapWin32Status
RpcMgmtSetServerStackSize
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerListen
RpcServerUnregisterIfEx
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ