Okuru[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Okuru.exe
Size

2.9MB
MD5

b02e000fe67bea9a36118811e9afbf9b
SHA1

f25e951343c39a24348efa689728617a43cc9310
SHA256

6f437c694463d856376d7f5a6b5e83fcf76215044c6b157a2931f4693f7071ec
SHA512

19c64fced25514041560c24e2d5f69fc467faf891bf2fbe6145ef6bca49fe139c23726fb0d788931bfcd1c31c56efd7f40e8b43062b6f917323efc028aa29acb
SSDEEP

3072:Be8lTxrU1GUGNxmRiSYT0zHCqn6Y/TEA7hvewogiutF/sD28t6iNBIFT:Ber1sbT0zHCqVB4+R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Okuru.exe

Files

Okuru.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ