66b65d19068e6b15ccfae14d57504a20403c2abd3ed9835c02d3c4d004a3a705 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66b65d19068e6b15ccfae14d57504a20403c2abd3ed9835c02d3c4d004a3a705
Size

7.8MB
MD5

dfae5a7b89f5509c59dc10bee1d7d6d2
SHA1

86019b9ff0829e4a9a40a4195026aac793cc7a8d
SHA256

66b65d19068e6b15ccfae14d57504a20403c2abd3ed9835c02d3c4d004a3a705
SHA512

1486c3d51ee09420566b98c8a096510fef7748c67e2ac391d377d06827b726a53059528a1af9ed5c23510b51968557ee6b2e30ecde8beb08871fd0b9ed4ff403
SSDEEP

196608:0r9zHyZ97cGe9898hbWAVuGDtYJEHBKTxLdIG:YzD8OhbWAVumt23IG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66b65d19068e6b15ccfae14d57504a20403c2abd3ed9835c02d3c4d004a3a705

Files

66b65d19068e6b15ccfae14d57504a20403c2abd3ed9835c02d3c4d004a3a705
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 111KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 262KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 506KB - Virtual size: 21.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE