b638afd8c3ed592dcb4c9be0cd93a239 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b638afd8c3ed592dcb4c9be0cd93a239
Size

90KB
MD5

b638afd8c3ed592dcb4c9be0cd93a239
SHA1

3869956d73ff24482bc33f497d85ca0c74fd0cce
SHA256

212c98a58ded7f2dc2be4070d2b36e32edd5e89f1bb033ca753ca69c82c845b1
SHA512

8a30b0c068d6c4c502e3ea9e671e8b66fc1fa82f5d48d7b935a15e0f81d7b8e9a5c7bd69af9054bb3da43f4f1780c899b300b2b3470ecd58c6104ca295ccf200
SSDEEP

1536:ZkDro9Ash6VQZtlRtQlQ7pYw/zQymCJVVBZHITMOHysSTj1B9Ip9fWRYVBXAgOn1:qDvsEU8lGpD/NZBZHlGysSTBB9Ip9cYc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GOLAYA-DEVOCHKA.exe

Files

b638afd8c3ed592dcb4c9be0cd93a239
.zip
GOLAYA-DEVOCHKA.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ