5b558cbb23959f4a208203278e35e212 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b558cbb23959f4a208203278e35e212
Size

116KB
MD5

5b558cbb23959f4a208203278e35e212
SHA1

77377993bfd527cdc058f338beaa4a74c6601be3
SHA256

7f73b77dde4c385b68dc8a2a16d8749425cb96b4afcb9b434cfefda808692897
SHA512

3ec940d1b401ec7e5279a4b43f0ce060b7efc7d994e8422cc5a0e8fa7652d5493d8eb08ea27dfa815c6ac47b082a1e676614740fb59b5bc6667c45e3996c8737
SSDEEP

1536:JQWQFGFI/PvgCRN59/ibKJNRo8od0q98+7i8JwMxlpEq0Dv9SyGOLMGep7LjcUjS:Krz/BRg+JNUucu4wMxsqoFVGOgGef8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PHOTO-DEVOCHKA.exe

Files

5b558cbb23959f4a208203278e35e212
.zip
PHOTO-DEVOCHKA.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ