PayServ[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PayServ.EXE
Size

226KB
MD5

1c6a281f84f23a038f5229f4d1c23a04
SHA1

0c48b3228fa45ad04202a42bfe7ac8ed73bfd8e4
SHA256

722fb2b2c418e077c611e52654c67228d20302d645d2933298188d702de8b392
SHA512

d6f2c50e62bc58031aaf83f0b826f53aea53e496167a74aa4e1d3542f0dbd2636b4fa594d587e7e76d4e30c0c23eccadb6ee1e8468fb690d87b5dfcd1ad58e03
SSDEEP

3072:9CQz8p0WGMiBhq0Vd8TfFsrD7NdA0ZlI63ktAUT90vD4P8O/lN1TDvvjeJNbX9WD:9B+0+Uz2CDMjeJlX9VAs1nf9t67v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PayServ.EXE

Files

PayServ.EXE
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ