artic[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

artic.exe
Size

440KB
MD5

8c548f6ba393d37b636fce01e9dc2561
SHA1

8856f177b7ad66048d1707463b84eb8021c6b7ca
SHA256

f993935bbd05910fc3e9ff01c59564dcc9280a8c80b25e7c8fec608695d20977
SHA512

dd1150209ca916585fe342b5e85b3fb8e2f9432253c048c7a038c27d68789ba3aaa9d30976674f6fcc2aa2948197c60e0461936f0194b0e8c1ad184ef686f4b0
SSDEEP

6144:6cJJfhmKkmGuaOX9yFE3zzudYcOkeUP/BP3VOc0DfCGjWUG91I:6stdGuaOXac/udYcOYPN8x7zyz9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
artic.exe

Files

artic.exe
.exe .ps1 windows:4 windows x64 arch:x64 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jBE
Size: - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mg"
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ