echo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

echo.exe
Size

194KB
MD5

9a385583298654d12d0eedca9ff40ab3
SHA1

eb1ba82dada353a9f8b191f396427cd23e812fef
SHA256

3003839bd590c743e5374f2fbba408731d487eb60fd942f7d7d9c126be8d774a
SHA512

56c50a7b426e20ec32e9141cc47c97dfb7761a94247fcc0adc84e3926504ff8243cb92d9190f6c27ef0210b7c492296c5ed65b889e89dbcdf8b6c45aed74644c
SSDEEP

384:B6fEsNclbjfwm2u5TaDBAIg5p1vswW1pptYcFwVc03K:ofEcclbzIYqg5pCwmDtYcFwVc6K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
echo.exe

Files

echo.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ