魔方内存盘ramdisk[.]exe | Triage

Sharing

General

Target

魔方内存盘ramdisk.exe
Size

496KB
MD5

a7fa7b4beef714e332ce56a424b84fad
SHA1

90995a018c8c1eebf48121fb7a6fe37e27b6a5f8
SHA256

f2afd4690499d7a011f48b7ae5d9209c18aa92e081f73f36a69b0770881ffd10
SHA512

2845c79f85e1763d854745c88d94ffc8d6ab62e2c00a74b683b258acd70a7915766d4c5088d8acfa9300e6e15dd46e2bd723b9772097ce9cad3dd1818aed9d14
SSDEEP

12288:P8NCLUeVeemiGIReS5OGqyOq7uHSZqWU8D31V:E3eVZ/GQO5q7uyXU8j1V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
魔方内存盘ramdisk.exe

Files

魔方内存盘ramdisk.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ