test_loading[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

test_loading.exe
Size

308KB
MD5

ef79a2ff85d45187b6a3c880ed5200eb
SHA1

cef48107215e63a4288f8110d1a198ecc0bbdf24
SHA256

3076d3f8207b7fa5f1091bffbf9283410040a3b46eed461dc8e89bd669dad7bd
SHA512

cbe515c3da25cdad1f572099fc3128c7da7206057fc24d8fed3f25da6c4a2589a9bf678bd313376ac0697f8ec8ec6a3d7991cd0988f09395be65f80e90042b77
SSDEEP

6144:ahtQ0+RbE3nYxUiTxmJuQXCmQ4hXbgpxC:ahX+RknYxUiMJRq45oQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test_loading.exe

Files

test_loading.exe
.exe windows:6 windows x64 arch:x64

525bc932bb9597f15e65c00eca662006

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\memexec\test_loading\target\release\deps\test_loading.pdb

Imports

user32

MessageBoxA

kernel32

GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapFree
FlsGetValue
FlsAlloc
LoadLibraryExA
FreeLibrary
GetLastError
FormatMessageW
WaitForSingleObject
HeapAlloc
GetProcAddress
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
AddVectoredExceptionHandler
SetThreadStackGuarantee
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
LoadLibraryA
GetCPInfo
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TerminateProcess
TryAcquireSRWLockExclusive
QueryPerformanceFrequency
LeaveCriticalSection
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
GetModuleHandleA
FindNextFileW
FindClose
CreateFileW
EnterCriticalSection
EncodePointer
GetConsoleMode
GetFileType
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
CreateMutexA
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

ole32

CoInitializeEx
CoInitializeSecurity

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

ntdll

NtWriteFile
RtlNtStatusToDosError

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

525bc932bb9597f15e65c00eca662006

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

ole32

oleaut32

ntdll

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 3KB - Virtual size: 2KB