0f88ec500b43144d6e42d20199706dd879c92ebc6c942cadd45f6a36bf6547d9 | Triage

Sharing

General

Target

0f88ec500b43144d6e42d20199706dd879c92ebc6c942cadd45f6a36bf6547d9
Size

4.6MB
MD5

97085f70400fa66cfaed896305d53f12
SHA1

5464c53702b8a8821ff8a0b7a763c049f768f822
SHA256

0f88ec500b43144d6e42d20199706dd879c92ebc6c942cadd45f6a36bf6547d9
SHA512

dc47ba5d6b84a2a7fdf5972b72cff2c2ee0ba3015b76c22b94dccb52bdd5d6588f2beac9ab78e93a8367ff46ba8bf8ca8e1aff7b6a97e4465897327fac25fbc8
SSDEEP

98304:72ed9G1vKsGOKSWLbuv2moPayZyGfTguTIWJ2hlhF3S//aBvvwCryJp:iCKBGOKSqavZoP/EGTTHCl7S//aBvvw7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f88ec500b43144d6e42d20199706dd879c92ebc6c942cadd45f6a36bf6547d9

Files

0f88ec500b43144d6e42d20199706dd879c92ebc6c942cadd45f6a36bf6547d9
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CoreGetShell
DawnUiGetShell

Sections

Size: 1.9MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 148KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 264KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 192KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE