Client[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client.exe
Size

196KB
MD5

72e202794856700c5c7e3d47b9c3bff4
SHA1

b9ecb86aad36c833ad06a2f11b2ace5a6ee30e8e
SHA256

80366aeb0a59093a1170cd3f57b4ab3baa04d1c199708f4535240a7f95b136e1
SHA512

902f6d418aac39836896b845b114a626b48da1c24466e5ea729a241d333784ddc6fbd1f02df55f73dfcf8a6b8388cb5348e042b1a483a8da4cf4ee29fb52777d
SSDEEP

3072:PIDspchhCG0yR7VPfG2k0MpnAomSouGiZ5A0++rhtQsakJ:18NVXG2k0CVouGizn++bQW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

$4>`tz0
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ