v1[.]6-NoVolumes[.]exe | Triage

Sharing

General

Target

v1.6-NoVolumes.exe
Size

1.6MB
MD5

560ea1c3cebdb2cdfb6bbab8a5cb68e8
SHA1

212d393a4089fca67e8542e9c7ce79dac4389e9e
SHA256

1345a49927ee26c6d7871a57bc846cec7c9324bed043e54c458028b80d563dfd
SHA512

e2963609c0f6990eae5c36e9b6d1736eefd10fa71a9ac624e42a57de6545a75396e190e894a504a0583dbb78e9df659ef92261ff0010511372e76d338ce1a4bd
SSDEEP

12288:UAARN87JQlU7m0EgLaB43iFmJwOXNnd3y33plvqQpg8/xm+trje6B+cF5bporTO:Ud26uuygm8hgU4+trje6B/F5bpoUe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
v1.6-NoVolumes.exe

Files

v1.6-NoVolumes.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.soar
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lmao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.protect
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ