A278AB0D[.]MarchofEmpires[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

A278AB0D.MarchofEmpires.exe
Size

19KB
MD5

17a9ef94025329dd918b78b897c8da51
SHA1

77a24734dc8cc7583e915acd7156912e84cdc4bb
SHA256

7ad2a42113c2b9d7ef8a1352901f5e92fdb6c1ea0cbcc3bd48003c58a481e9a3
SHA512

10014fd5cc5b44330d3de05ff681dbd358effbbe8abcf0b5bf4165525463e8158ad7f68576aa37c0a855018db2debbaec626a86b7eb5b6c1db73849681f5eb33
SSDEEP

384:HN7JjQzVxahkEOk3Me4XG8iqHIf4emtYeXI:HN7JbGI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
A278AB0D.MarchofEmpires.exe

Files

A278AB0D.MarchofEmpires.exe
.exe windows:6 windows x86

589e7a82918082d23f12757f7c9b0530

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

a278ab0d.marchofempires

RHBinder__ShimExeMain

Sections

.rdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ