authenticate[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

authenticate.exe
Size

389KB
MD5

3aa5bd340bfc2de38da330c17d3758f1
SHA1

d5b3423a901adeb65ad38a6b8cc64a817643aa29
SHA256

5ceece70d2ddb4c5380a3dade9103c61509348c3f62e8918af05f2a6ea445103
SHA512

f719798792afdf9c8133d673153b82c40ae98d453a574f6bacb669c36216ef9c4a8247d340aa8abeb076725b0654adbd410dded8e369f8da51c6e1ed7054eaf4
SSDEEP

12288:rLDzjN76dJmyCRPYGTw81eTGG1lsNqpzYUFhR/aW:PHjN7PycYGTwH6OsNqpFp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
authenticate.exe

Files

authenticate.exe
.exe windows:6 windows x64 arch:x64

514c8e42fe75215a279576462c34cfb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExA

kernel32

GetModuleHandleA

shell32

SHGetDiskFreeSpaceA

user32

BeginPaint

Sections

.data
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE