gotri[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gotri.exe
Size

2.3MB
MD5

8fe311e0b5509f06fb495242766862c9
SHA1

7abf193277bf245a005c0470820a519d84fd1f44
SHA256

de0b3cbf2c574540f7725c568afd429ad1c12f3c045f25d490a60f62f123ea47
SHA512

49b604bb840d0bb68924d3e1049c44b040c876ba49cd431bfe9ba2fa413d11042f5d117735dd65dbf68d87b910af3ea57b23ebbd59ad98310ccefaf7bf94143a
SSDEEP

49152:QM8f5OzhGwAOKBwoi49is/8T+2lyTPqc9tjZVkux3/vsADY2V6JwA9/2OhtQI0gQ:SvCE7q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gotri.exe

Files

gotri.exe
.exe windows:4 windows x64 arch:x64

31419132d7c994569ec9a2ef2ea53e76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ntdll

NtWaitForSingleObject

ws2_32

WSAGetOverlappedResult

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateThread
CreateWaitableTimerA
DuplicateHandle
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetEnvironmentStringsW
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
GetThreadContext
LoadLibraryW
LoadLibraryA
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SuspendThread
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleW
WriteFile

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ