ping.pdb
Static task
static1
Behavioral task
behavioral1
Sample
PING.exe
Resource
win11-20240802-en
General
-
Target
PING.EXE
-
Size
40KB
-
MD5
c34fa4b53546ea790f0490426f23ea97
-
SHA1
3d4bd0982a2e6da232ebf039044f76f5079f4c51
-
SHA256
c66cb53494b1dc2eaedb8bcab3a55dbc5eb220efeb6b37c7e34c52a0a26e21e8
-
SHA512
73354f5481110e119aa250d7ea80ecc8e33a2bdf87c782cde7c1bdb516828d7996ce1f39b3f894bd5c22db71232b3e359fe930e3a6817b6fc7e587a0d50edf04
-
SSDEEP
384:TDt1l0e8bHnIZIXQDc59agf5Crt/sg4AsVBrEqZpEcZ3U4LT6wmW7lW:d1AboZIADc5Y3tU9JVD+Q3U4LTDD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
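Checks for missing Authenticode signature. This check presumably covers only a signature embedded in the PE; Windows system binaries are commonly signed through a catalog file instead, so this result alone is not evidence of tampering. Compare the hashes above against a known-good copy from the same Windows build.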
resource PING.EXE
Files
-
PING.EXE.exe windows:10 windows x64 arch:x64
52182582db3fc49e327853c5e45e3fb9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
__setusermatherr
_cexit
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_get_osfhandle
_wcsicmp
exit
_exit
fflush
__set_app_type
iswctype
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
wcstoul
fgetpos
_setmode
memcpy
_write
_fileno
__iob_func
wcschr
memset
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleCtrlHandler
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
iphlpapi
IcmpSendEcho2Ex
GetIpErrorString
Icmp6CreateFile
GetIpForwardTable
SetCurrentThreadCompartmentId
Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle
InternalIcmpCreateFileEx
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ws2_32
WSAStartup
GetNameInfoW
GetAddrInfoW
WSACleanup
InetNtopW
FreeAddrInfoW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ntdll
RtlIpv4StringToAddressW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ