xcopy[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xcopy.exe
Size

5.5MB
MD5

0f95ea3f4c85d8f0434841e88002a825
SHA1

d62324099ce20d88bbcec9cfd5c199eae1cf553d
SHA256

28d3edb109b479e773086d2f9ab1b901023cd9ec87e1ad063024f7c5715b6c41
SHA512

5b6a1220da3d87a3c2d95abdda0c166f96364f9290635dd42e4e4f35124418100ee15510dd9bfaabdd3bb123d4770fc5ee9baf5360df670dec171528825daf85
SSDEEP

98304:vwMZpOkYiEdzXs3G7LzNLwyk0z7OrghftpoAbOr7tHSVT9qonQBA69Z+0HB:vlZEkfEdzNzNMkCrghftpokOrRH2Twff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xcopy.exe

Files

xcopy.exe
.exe windows:4 windows x64 arch:x64

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcpy

Sections

Size: 1.5MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tdxakdpr
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hqudrhmc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ