XToMPywPgsP4KAP[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XToMPywPgsP4KAP.exe
Size

20.6MB
MD5

a9e6a6c4b19ee0d123f3c3d22a6c4726
SHA1

c23ddd1fa920916ae483a61024a61457af3c4037
SHA256

becbe4b80dd8089d13c786267b75c3509d57c82b241e1961d50b6638ae7378aa
SHA512

a811cce043adc61f6af03a41bdc8d4a485a9ed460a1207ba52c2e684c9ce94c570207244041c0a044356cf9d53e1f41dc650fac1246eb2b8bb15e362cb4a33d8
SSDEEP

393216:eXZYq3BWDKCdwswomJmvvV7CaTTacBGxjvRFjccUUt6w:eX6q3dCdBmChTsxjR5BUUR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XToMPywPgsP4KAP.exe

Files

XToMPywPgsP4KAP.exe
.exe windows:6 windows x86 arch:x86

320298f5420c8653ce03ec6b6cd81eaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto

advapi32

CryptEncrypt

kernel32

WriteFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

normaliz

IdnToAscii

crypt32

CertGetCertificateChain

wldap32

ord301

Sections

.text
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fptable
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.{}W
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hET
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I`5
Size: 20.6MB - Virtual size: 20.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ