RLBMods[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RLBMods.exe
Size

21KB
MD5

87f9a7b78da7da67192ea1e1d2ba7ffa
SHA1

e3eb176d04a493d50b59c6df36542352fcfb7975
SHA256

c135b1809dcd1d2ec2d4442b3473dd0363d06383a81507cf2c637d3b57aead44
SHA512

f6c73abe92b522f5290bceeddbb03aaeef417de3c79f5befd8af386cf6987973afae440cd9ae025fc81c3c7f3f13f5340dab3c9da0851085e8ad550f90ef3e61
SSDEEP

384:dWRNetpqBT9TQ4bjm/vY7MnC3b4qH6VXZc+FrDkNpze0ptYcFwVc03K:dWIOxtbCvEMnxqarQtztYcFwVc6K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RLBMods.exe

Files

RLBMods.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ