heq8Pl9Hwj5BYgwac7kNPg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

heq8Pl9Hwj5BYgwac7kNPg.exe
Size

4.2MB
MD5

26951e0592b48bf8c6df54c3ae151c2f
SHA1

1bbf196d5ba229af71a9fcb74d440b0eee53854a
SHA256

3299b5094786943cab108c7597ce62c3bf85328e71cc1a51455e867910403bc3
SHA512

85b086841fb993c1f7ad8d31cd31ce63585767794e8f96ba9414e3e7f8d0262a5e594f27889039c6756b1811e5756d6337bd8ae7e21c367de31aee74036f12b2
SSDEEP

98304:MiD88ln9isaRwnRb+YpZKCwm+/hhtv1bTnzgJjuh8L9h9XxocHnrIzMrqEsLnjY7:vk6qFKq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
heq8Pl9Hwj5BYgwac7kNPg.exe

Files

heq8Pl9Hwj5BYgwac7kNPg.exe
.exe windows:7698 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

CODE
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE