992149ca2244ebd9ec96f01f29c73acce0dc5af609734077aea5978b5ce203a5 | Triage

Sharing

General

Target

992149ca2244ebd9ec96f01f29c73acce0dc5af609734077aea5978b5ce203a5
Size

2.1MB
MD5

8cae61eff562d9b28d521900692bf516
SHA1

a38dd36172e145186b776bea4f5f2773504c68b0
SHA256

992149ca2244ebd9ec96f01f29c73acce0dc5af609734077aea5978b5ce203a5
SHA512

ff21a35638aaef98cf95e776d67a89cdf8ce98fd17f5f5ad52ed89ffa1b022f2e928061efb1543cbb112f750f6002ef62e08a68b7d047d19959acb06ffbc8565
SSDEEP

49152:amer6a3OsA3P+SJfWDzG5nEm6oPTOSi2z7BGsW:aHP3OP32SJODqKi6/IBGl

Score

10^/10

Malware Config

Signatures

Detects executables manipulated with Fody 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Fody

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
992149ca2244ebd9ec96f01f29c73acce0dc5af609734077aea5978b5ce203a5

Files

992149ca2244ebd9ec96f01f29c73acce0dc5af609734077aea5978b5ce203a5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\users\pabluk700\documents\visual studio 2017\Projects\jigsaw_MASTERSDF\jigsaw_MASTERSDF\obj\Release\LoL VIP RP HACK 4.0.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ