PO[.]exe | Triage

Sharing

General

Target

PO.exe
Size

772KB
MD5

d035c6402311cefd79194cfb5ce38922
SHA1

755196dd38f39d5eeb894d15df5713aa1ffaa8d8
SHA256

c0198b7a910f3c62f4f2caeb84c383c151289726300acf930b39f005290df3ca
SHA512

ced55948613a44f888687d63986c2634dd7a63e8adc4907aad977e68591855f19ca29d6d8f2715b8535d1b9e575b664f3d5921ae68d05f4a84a1ec6b82c80545
SSDEEP

6144:qVdmWnOP3RgA0TL15rhGjdpjsX5f8zXor0tP7Rp7IC9YE8Yma0kfPkSGQ:IwnN0T55rhU3G5hr0FXhYpSfB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PO.exe

Files

PO.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 770KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ