golang[.]exe | Triage

Sharing

Reason

too many matches

General

Target

golang.exe
Size

681.7MB
MD5

8d5ef85d4a5fda23812f7c2e80d84dd4
SHA1

682705a1d5e86922ab91dd1ffbd6ea4cdd6d8012
SHA256

fd36a0fe2ad2825423020ef28995e2ba531180528a1dad14ac3994339efec853
SHA512

c8fb4bb15218d5370262a95cda853093def4e9601c50faa55d8896a59d12ad0d2df39671288e41e14ecd9ca53600f749a4dab0aea1fa642aeaca882b1512dc04
SSDEEP

49152:Qonm104JVM4OcgDuOzVxpS7fjofPc1Gi0c0coPfvC/5NUS2FB5ZrA8:Pn1V4O7uIQ7UPS053fvI5NyLM8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
golang.exe

Files

golang.exe
.exe windows x64

79b3362178937bf9559741c46bb9e035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.MPRESS1
Size: 2.6MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE