13c78641bd72d20f5f0f650861c9f447ccb5e00c548e9e4b7aac16dbc6b3d121 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13c78641bd72d20f5f0f650861c9f447ccb5e00c548e9e4b7aac16dbc6b3d121
Size

5.9MB
MD5

7f76a0b094e1b7151a78a59c3a03d6d2
SHA1

96e70bddd1dce1904eba345add0dc2346ddcc84a
SHA256

13c78641bd72d20f5f0f650861c9f447ccb5e00c548e9e4b7aac16dbc6b3d121
SHA512

a201dd517d1c0ad2304e1c7d27285b62fb7ff2a884ac4219998e7066c0685a5651d2038771db43996381be59f7afb1dff0ec6f6e38f2e7358a022d0d8d5dfe39
SSDEEP

49152:iJR2XIW0W/Zqq0otvFREF/Zqq0otvFREF/Zqq0otvFRE9fPevo:YR2kW/FBFREF/FBFREF/FBFRECo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RelaxUpdater/RELAX.exe

Files

13c78641bd72d20f5f0f650861c9f447ccb5e00c548e9e4b7aac16dbc6b3d121
.zip
RelaxUpdater/RELAX.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BlueStacks_nxt\L2Updater\obj\Release\net48\L2Updater.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RelaxUpdater/User's Manual.txt