Shadowsocks小火箭[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Shadowsocks小火箭.exe
Size

5.0MB
MD5

1c668f5d6f2054ec8e0598cab1624cb6
SHA1

690db671d045042d112c8f3d3a29b9a5d4c41758
SHA256

e03d030e1ba3c05547deeaf7d0a0af745ea33020055f0597500d8d7951c2d9dd
SHA512

d3f4e93bf33d4bc6d32141958340d5c7e85e7c11d3dea59ef4d60d1836cf28ec7bb5084253009e67a9d570f7af5cb053ffcbb85084d45fae3e0edc8dfe1ff1c5
SSDEEP

98304:FZC8GIY9g7PaSBiiwZclBdLHEzr31un7toLAWoB0BF:F08b7PLIiIcBdLHWhuuMx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Shadowsocks小火箭.exe

Files

Shadowsocks小火箭.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ