R[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

R.exe
Size

79KB
MD5

9493ad317b2d031bf76a3e04bf9a46b8
SHA1

b108d435509b5f4f9abcfecc3ac51b22cd93d604
SHA256

a748f628cb858fb72702b3787df64cee2ba7a15fafa6704d610f099e8d8d8eaf
SHA512

24f596910b1de2b9083059c34980be5234b0ad291aaafa162155695edc71faa17133d3f743d02714a8bd0dd3defaa046ed457abf3de034f9c7f5919e7da0718b
SSDEEP

1536:NXxomsNSee6c2TMwxRP5toPenbbFv1sHnpuBBeC99ovO4t9nH2K9j:Qm8Eqvr5to2nVv1sHnpuBVIOiV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume6/$RECYCLE.BIN/S-1-5-21-1159581898-2029943322-2268025737-7436/$RX76TZ0/Photos/R.exe

Files

R.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume6/$RECYCLE.BIN/S-1-5-21-1159581898-2029943322-2268025737-7436/$RX76TZ0/Photos/R.exe
.exe windows x86

Password: S@ndb0x!2023@@

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json