aa03d776b4f68c65cbbd1d447779caaee2d7d9459a1d06e735ff018229c44db9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa03d776b4f68c65cbbd1d447779caaee2d7d9459a1d06e735ff018229c44db9
Size

4.6MB
MD5

df8e080a616552b8a8160abc41b81cd5
SHA1

7effc0c3920ced74301a84a2e985aa6d1aa80bcc
SHA256

aa03d776b4f68c65cbbd1d447779caaee2d7d9459a1d06e735ff018229c44db9
SHA512

ff0d62c41cc3f84981d2277b46e8ea0bdb08cc461bc6343aa0a753d76708c6e806a54b511c63fcb2daede1c8bb9bba34d1fd41af1aa8881d50245ff450b49e90
SSDEEP

98304:RwdLvTEvjBgcNGCnyMXtiGhsUCFFZgXJCnxSt6NQFSlQXxsGyVuVnJ:RwJbkGcN//tnO2XJdt6TlQWJVuVn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa03d776b4f68c65cbbd1d447779caaee2d7d9459a1d06e735ff018229c44db9

Files

aa03d776b4f68c65cbbd1d447779caaee2d7d9459a1d06e735ff018229c44db9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.3MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE