Tesco's TS[.]exe | Triage

Sharing

General

Target

Tesco's TS.exe
Size

850KB
MD5

ddbcd5adc2bcf2105f1803e2b8182285
SHA1

c3c838563a2fb7f20ab76ca3bc1221f1e2fb93f3
SHA256

731f1ba498be06c7eac0f450e109d66a4898bfc4dc7bbe193c91ba4a77251731
SHA512

1e147417fa611fbe995f7d62f40fbc4a97458943e4e24d67181dbaef134dbdf397f72da40c1c4d978523ee773357d5eace40ea90c8ecc9653a2f488666ce01e3
SSDEEP

6144:9b5pQ/xvFp3r0PySXhyIbVjArc/HpZzrr5OOl3DtClvxSz7IN5mmV5JiC2b8PP9T:mZwArkFtha/jPcwSAreFtha/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Tesco's TS.exe

Files

Tesco's TS.exe
.exe windows:4 windows x86 arch:x86

Password: rt4T

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Lewis\source\repos\Tesco Lag\Tesco Lag\obj\Debug\Tesco's TS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ