PO490[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PO490.exe
Size

709KB
MD5

f25c9e09085b6293899b9d416de39fb0
SHA1

b73f6dc25d9156fc5eae4aeeb438a6af3824ad7a
SHA256

8673c23f277ceac88a9cd066bdc3176b7aa760b23c5a90426273334092d7ef56
SHA512

0034105837275d82366caef11152ff9e03cb089bd3bbf76f2bda7a2d11333bd44f06bf06f733012ec99f61243c42e9a5d6986336b0520747e9f70495f437f524
SSDEEP

12288:tA5WIPr4zVD/+Cr/l5OH54/Z26gSYPnviFw0VKjukqOqv:nzZERSYPvIwOKjfq/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PO490.exe

Files

PO490.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 702KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ