2FBFC79462B64751C339F0B0297C748F[.]exe | Triage

Sharing

General

Target

2FBFC79462B64751C339F0B0297C748F.exe
Size

372KB
MD5

2fbfc79462b64751c339f0b0297c748f
SHA1

3c07b52af2661e02e4db7dc978a83db0ba7c570f
SHA256

2b7658a9c50bf8ee549193723e56b6500d4a193a5eb8e10871c67956d5d4e835
SHA512

dbc3b7d8a7419feacf98481f542991edfcfe67d48a31244aff3818d28770842c2b7fd62a6d174e0132946ab73e60c00213a3c116090559e75512f38047b7a827
SSDEEP

3072:eps58pvoY9pm4arHiETYPTP3vfdHldhwE3vfdHldhwVOpvoY9FpvoY9jmJm4arq3:UW8Zr9U4nE49Zr9FZr9q04BnEASEg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2FBFC79462B64751C339F0B0297C748F.exe

Files

2FBFC79462B64751C339F0B0297C748F.exe
.exe windows:4 windows x86 arch:x86

547d55964e9333c3057788d5c4e8169f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\google_prj\src\tiger4_v3_2.pdb

Imports

kernel32

LockFile
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
VirtualQuery
RtlUnwind
HeapReAlloc
GetOEMCP
GetACP
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
Sleep
GetCPInfo
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
WriteFile
MultiByteToWideChar
GetLastError
GetModuleHandleA
GetProcAddress
ExitProcess
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FormatMessageA
LocalFree
GetDiskFreeSpaceA
lstrlenA

msvcrt

puts

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ