DEKONT[.]pif | Triage

Sharing

General

Target

DEKONT.pif
Size

708KB
MD5

18d893ed6a5e17809bf05ca38a5f42a4
SHA1

2d46b5d68c8bb296b3f171b885babeab47caadf6
SHA256

8e460726e55cc361f649b13026117c7a4726ce387a14f6c6ae42db4e521fbcc3
SHA512

2a39c66af9b4d3f4525b1c5c6d8409944b7ca184b6f4db61ffbc9d8335f92328aeac128355b033841a503b57d3ca251a0893d60f326fba2b99f5e2b4668a3aba
SSDEEP

12288:Aa1DIoIFFHgeg/c4V3xtnY51ouyuqdp8+mZAtAEuCtYIZ0IorTYTIV3Lhii1p/st:vIXFx4V3DY51/yuqdq+mZAt8O0ZrTYTz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DEKONT.pif

Files

DEKONT.pif
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LiIk.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ