gen[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

gen.exe
Size

432KB
MD5

e4f02789919bd8bb66d58a365b11b59e
SHA1

18d9d6d98d223b481887a48e7a3eb58501627154
SHA256

c9c4a609ebe0e79b4604373b8cdee40147aecee7e00042dcd3574e395dcdef9b
SHA512

652b8f6ae1910618793c61fd8831d714b929a316bdf01322b855a498190a53cf43c7256a4fc9840709a7f885a37757dea492da84d3d6d0b7fd122c378d8de86d
SSDEEP

6144:yzaTUEZwWyN2i+Hsi2Ge0CC68vF4Dg/uNM+kelsSEAIrYBik/ltMNSLXK7M1nL3I:xDOjIs2QonWNM+kelsNIcSLdI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gen.exe

Files

gen.exe
.exe windows:4 windows x64 arch:x64

98fedeec95dbd89a8014dedaabd26f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libgcc_s_seh-1

_Unwind_Resume

kernel32

CreateDirectoryW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetCurrentDirectoryW
GetFileAttributesExW
GetFileAttributesW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetTempPathW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MoveFileW
MultiByteToWideChar
RemoveDirectoryW
SetFileAttributesW
SetUnhandledExceptionFilter
Sleep
SystemTimeToTzSpecificLocalTime
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_onexit
_wfopen
_wopen
_wstat64
abort
calloc
exit
fclose
fprintf
fputc
free
fwrite
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
signal
strchr
strerror
strlen
strncmp
strtol
tolower
toupper
vfprintf
wcslen

shell32

SHGetFolderPathW

libstdc++-6

_ZNKRSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE3strEv
_ZNKSt13runtime_error4whatEv
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt9type_infoeqERKS_
_ZNSo3putEc
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorD1Ev
_ZNSt13runtime_errorD2Ev
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE15_M_replace_coldEPcyPKcyy
_ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE7_M_syncEPcyy
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9exceptionD2Ev
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt4cerr
_ZSt4cout
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTTNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdlPvy
_Znwy
__cxa_allocate_exception
__cxa_begin_catch
__cxa_call_terminate
__cxa_end_catch
__cxa_free_exception
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__gxx_personality_seh0

libtinyxml2

_ZN8tinyxml211XMLDocument8LoadFileEP6_iobuf
_ZN8tinyxml211XMLDocumentC1EbNS_10WhitespaceE
_ZN8tinyxml27XMLNode8SetValueEPKcb
_ZNK8tinyxml210XMLElement9AttributeEPKcS2_
_ZNK8tinyxml211XMLDocument8ErrorStrEv
_ZNK8tinyxml27XMLNode17FirstChildElementEPKc
_ZNK8tinyxml27XMLNode18NextSiblingElementEPKc
_ZNK8tinyxml27XMLNode5ValueEv

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 961B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98fedeec95dbd89a8014dedaabd26f48

Headers

DLL Characteristics

File Characteristics

Imports

libgcc_s_seh-1

kernel32

msvcrt

shell32

libstdc++-6

libtinyxml2

Sections

.text Size: 144KB - Virtual size: 144KB

.data Size: 512B - Virtual size: 272B

.rdata Size: 12KB - Virtual size: 11KB

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 304B

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 71KB - Virtual size: 71KB

/31 Size: 13KB - Virtual size: 12KB

/45 Size: 29KB - Virtual size: 29KB

/57 Size: 6KB - Virtual size: 5KB

/70 Size: 1024B - Virtual size: 961B

/81 Size: 8KB - Virtual size: 8KB

/97 Size: 32KB - Virtual size: 32KB

/113 Size: 1KB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 144KB

.data
Size: 512B - Virtual size: 272B

.rdata
Size: 12KB - Virtual size: 11KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 304B

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 71KB - Virtual size: 71KB

/31
Size: 13KB - Virtual size: 12KB

/45
Size: 29KB - Virtual size: 29KB

/57
Size: 6KB - Virtual size: 5KB

/70
Size: 1024B - Virtual size: 961B

/81
Size: 8KB - Virtual size: 8KB

/97
Size: 32KB - Virtual size: 32KB

/113
Size: 1KB - Virtual size: 1KB