658979fde781e[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

658979fde781e.exe
Size

691KB
MD5

c374a9e249d6c7d36f0bc093f841ec9a
SHA1

da3d674d0bf09611b890000368600e5d7c1d90f8
SHA256

63fd3f8aaad34879b0976e00476379d9920fb51aa2288eb249802cbd701bb6da
SHA512

de4525456807a52578c6d8f9f8ff666ca8e2b49765804986ed55c1bf3b6dd4352f500a24b09b405710a0eb1d78d04528e51f32c9eaf19ad79cff2b15630ba2b2
SSDEEP

12288:eSB6ouikImowy8lLFngUqif018dGIRRmievYLbRzNV439LHJUouxSZAIPgsqiZ5b:eSBpZklySWz18d5JDVs39LFux2AIPVv5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
658979fde781e.exe

Files

658979fde781e.exe
.exe windows:4 windows x86 arch:x86

f661d51b716b01821c34ea37a2a8ea0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

GetDC

advapi32

RegisterEventSourceA

mscoree

_CorExeMain

shell32

SHGetDiskFreeSpaceExW

comctl32

DrawStatusTextW

Sections

.bss
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.adata
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE