payload-hav[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payload-hav.exe
Size

108KB
MD5

a3baf6541e7cdc5666a2244d991d01d3
SHA1

9fe87a8a0da625e19993e9e6190022b86c32509f
SHA256

c3b8325fcea3b5830072f3aea9a419b6d8022353fa47cd30eba8695382c7c225
SHA512

f4ab75ec6aeffc8d9dc26e0d532972d6da08b9f82ba8ffee24d9c47a4ad5ccd1b6d1bb297e13064cd9bfc374b7f7448cb02aef507ab34fc374a9ee6915697435
SSDEEP

1536:ASK96MdNDiYxzIeLKMwDKYjWcVq7/cG8TAcSidHjsRezEJPylcvBRpnYsRKB:uVBIelPbwHjfM7XR6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
payload-hav.exe

Files

payload-hav.exe
.exe windows:4 windows x64 arch:x64

83258bcbacaf2a29b9b7fdbf000f47c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

memcpy
memset

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ