emotet | 05934099[.]exe | Triage

Sharing

General

Target

05934099.exe
Size

48KB
MD5

2803d4c1bef188b800618136e2eeae90
SHA1

21e35b24096a31776bcb727474693823ef82cb9b
SHA256

16694c03c2ae041db360f8b098693deb3eb7ee5906a9acd1092fad46f179e09a
SHA512

45736df69bdefe51ab62ecf2b7076d87e37ee0e7a3a6f727ff9cd63a29cd7a81a226c1d1b80ca4b05ef29cfc37e9fccebc8b02f5804234bc96b062b3ee16ebe9
SSDEEP

768:QMb44BNg2g3XYHOfJrSnStfDBAlDNOxHImwVvEkPABfUvNVgEJFjvlhT:+4AHJUobOAxomwVdAmvNz9vl

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05934099.exe

Files

05934099.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ