Off Pow[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Off Pow.exe
Size

552KB
MD5

ab2c5f91c21b2517acda1fcedf6f160f
SHA1

6dfc025d551dd109d384d903cf8d0cb79fed2e22
SHA256

df003f0f7ff5086feee5f8df25219854fcec4bac69d77fcb3298a4d44936ceb1
SHA512

a3b594d5d2d2332a01166c294ccfbd633112c9f49a95330bdd280c48f44b29fcb0a9bca4f157918439f8dc883d772b375a7345dc9271a06796922e6808c74196
SSDEEP

6144:MzGxjzYvRV8mVuqVOWEmWS/yMjzYvRV8mVuqVOWEmWS/+5pgeUjzYvRV8mVuqVO2:oGUV8mgAp/oV8mgAp/+LXV8mgAp/

Score

N/A

Malware Config

Signatures

Files

Off Pow.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 384KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ