9e989ba6bc0469d5b606fe6bf51f0b1eeab026b68472bd49aefbba0caa40b0e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9e989ba6bc0469d5b606fe6bf51f0b1eeab026b68472bd49aefbba0caa40b0e7
Size

5.1MB
MD5

215aec11d5789a039d14c96de87cc67d
SHA1

9228c044793fbf3c252bcb398d1d69fc210ab70a
SHA256

9e989ba6bc0469d5b606fe6bf51f0b1eeab026b68472bd49aefbba0caa40b0e7
SHA512

0a751c8c8d245287e97b5313904083dbf24ff36d093757ad2b4ff284557bace81a02448a1e314c8286570334882c2c38d1413e6b8b49ceda81f2d2f4a1cb1312
SSDEEP

98304:iSRpcd+5q3neCU3qIYHWzIEJy3VwhNjb30UF:rpch2zJy3VwhNjb3bF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e989ba6bc0469d5b606fe6bf51f0b1eeab026b68472bd49aefbba0caa40b0e7

Files

9e989ba6bc0469d5b606fe6bf51f0b1eeab026b68472bd49aefbba0caa40b0e7
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 968KB - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

$}�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE