7c8fa12002b9886487d4b75e75995c33c495acebc912986e1489608db168f028 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c8fa12002b9886487d4b75e75995c33c495acebc912986e1489608db168f028
Size

5.2MB
MD5

cc4f6e3943d635a2fde3231ddee473cd
SHA1

9f7a5657ed71b1702ffd310d01ed660e3754377b
SHA256

7c8fa12002b9886487d4b75e75995c33c495acebc912986e1489608db168f028
SHA512

a52a23af7efb0c34fc2050d9dcaf3e7c40691b06e5c7ea4e0cfd46b7f7a965341f2269f04194e0177268a058f4875fd5aef97e75cf74fc49c3b4416a8616e58d
SSDEEP

98304:gWdD7COK/svlJ0QoHbry2Y1ys1Qn6ndN0haH9gXkGYpLpKUI:g+KCey2aysTPr9gXVYp4UI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c8fa12002b9886487d4b75e75995c33c495acebc912986e1489608db168f028

Files

7c8fa12002b9886487d4b75e75995c33c495acebc912986e1489608db168f028
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 262KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.4MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE