oski | 50f2ebc57b3214cce9f47a657e25376a[.]exe | Triage

Sharing

General

Target

50f2ebc57b3214cce9f47a657e25376a.exe
Size

224KB
MD5

50f2ebc57b3214cce9f47a657e25376a
SHA1

eee1d73fda41847a860fed0f52a888a4f244d94b
SHA256

4ea4cb533aa5c0cb9e8d80835d2c20ed2fb93315597b72f5515317cd9ba49939
SHA512

999f1f53265442a9ed24c75065080e7b5b91754726da091f87616e0a0684b57f98734aef7846f2bbb569662c4cda28493bfdcbc0112ecc31a50b385d536a5e3d
SSDEEP

3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB30Ip1Xi6FLPJPC3c:WfUauY68uSWCx+XA7mg2pNx1Ljk3c

Score

10^/10

oski

Malware Config

Extracted

Family

oski

C2

'

Signatures

Oski family
oski

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50f2ebc57b3214cce9f47a657e25376a.exe

Files

50f2ebc57b3214cce9f47a657e25376a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ