aaa[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

aaa.exe
Size

15.0MB
MD5

0a4ff22a3e27132aa89c7a060b8a2d53
SHA1

d7a5b6f1d8ee24a92032eba0f7fcda7add0466d7
SHA256

228ac367da165a9acd3c3c4c1c6093ed66b1a4a0c4c8cdeebb2a6d288fa97ada
SHA512

72c3d4cde46be13450588f9ce6c4160a0c6184743c5ce06d37b52fe4db099941f3212db40f9f890edb66ad6e97784e66aa63c77326fb0219d0789b41a9fcc284
SSDEEP

196608:e+ug4eN1ocXv1lp0bqu5R82+pDW8THPB8T1jMuEj/8rWfWWo1XqnMbW0stNBV7v:em4er1f1lpmqu/8RNQ4/qWeW7Pj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa.exe

Files

aaa.exe
.exe windows:6 windows x64 arch:x64

31e55a47166fc8961cd75b950260e375

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess

msvcp140

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

urlmon

URLDownloadToFileA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

fclose

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.W,q
Size: - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.R2Z
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.efc
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31e55a47166fc8961cd75b950260e375

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

urlmon

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 17KB

.rdata Size: - Virtual size: 11KB

.data Size: - Virtual size: 2KB

.pdata Size: - Virtual size: 1KB

.W,q Size: - Virtual size: 8.9MB

.R2Z Size: 512B - Virtual size: 224B

.efc Size: 15.0MB - Virtual size: 15.0MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 17KB

.rdata
Size: - Virtual size: 11KB

.data
Size: - Virtual size: 2KB

.pdata
Size: - Virtual size: 1KB

.W,q
Size: - Virtual size: 8.9MB

.R2Z
Size: 512B - Virtual size: 224B

.efc
Size: 15.0MB - Virtual size: 15.0MB

.rsrc
Size: 512B - Virtual size: 469B