Auto_Potion[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Auto_Potion.exe
Size

335KB
MD5

798eadef81062639810e9e5b5d7c9926
SHA1

dbd85ffce3384e6f09fe0c42dda6997b89091928
SHA256

ce020c86f0ce52f494fc5048677678690074427633f20ed1dc56868b4a5b7796
SHA512

10e4e65165e00910a31131215021cffb71231a48f481bd2018004d4a6f1f445962f2409c20a336144e1b7edb8fd2d2c07bd61484b829bcb9d20d35fb9e9ccc6b
SSDEEP

1536:LM3EjYhTMdQ7sZK/Zg1EAglhaFYbG8EQGWxO8kQJ1xO8kQJDTO8nQJSrn:aJlA8aFAGRqg8kQ3g8kQh68nQIrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Auto_Potion.exe

Files

Auto_Potion.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ