test2[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

test2.exe
Size

1.8MB
MD5

f27427e8fcda05388bc238b8d6b1590a
SHA1

5f273d7fc5696c738879a60e8d49b66eefdf87c7
SHA256

31a480c85705f4c532ecc57d8a66d8658ecc18f43115f67b2a65d441a9b6c6a0
SHA512

85273040cfb86ffaa8201d889061c51e609ffdbc26211ee01603a6def2dc5a76d1305cf48b89f5ef5fb2d4cf893b27420558b04cedd342d55c72f81add153351
SSDEEP

24576:88s7u7nB/DBD9accSqVO9y/QaDC4F3Zuk5UDJjbDE2W4VO8I/nY:qy/DBD9MVO9yosHF395UlbDBw82n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
test2.exe

Files

test2.exe
.exe windows:5 windows x64 arch:x64

21527848673d661c5d2fae3c8153bace

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindResourceA
LoadResource
SizeofResource
lstrcatA
GetLastError
GetProcAddress
LoadLibraryA
LockResource
GetModuleFileNameA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapFree
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
HeapAlloc
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CloseHandle
RaiseException
RtlPcToFileHeader
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
CreateFileA
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
GetLocaleInfoW
LCMapStringW
GetStringTypeW
HeapReAlloc
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileW
GetUserDefaultLCID
InitializeCriticalSection

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21527848673d661c5d2fae3c8153bace

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 6KB - Virtual size: 5KB