PingCastle[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PingCastle.exe
Size

250KB
MD5

944fc3dd115ddb1608b4292d383db264
SHA1

68654ace78ca8a1fa34e536c4f1bd61f783d362f
SHA256

0a4dec1ed62721a387d8e8ed420be9b207d7f11d1ed72f6c079e4b8a5260ac1b
SHA512

0ac403eeaf1636eeb75f5a42af6b326dd3fbfb2d859b78b7f0540cde2cb3ba7cb3b828d7fa19d81958c0af1662ed288bd7f671615276a3ddd33745964b7326af
SSDEEP

6144:20tKrGMUWbKqUbU5mP/ulGbdXrG+6bkNWH:fSUYUbU5mP/KGbdb6zH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PingCastle.exe

Files

PingCastle.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ