dbae520b29ddbf75c2d3e51949ff5fb54fafcd0278ca13f2c8c8decd23a14495 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbae520b29ddbf75c2d3e51949ff5fb54fafcd0278ca13f2c8c8decd23a14495
Size

5.5MB
MD5

4cf0ff9b6b3636ad62645944b9b21595
SHA1

9c93e4f33c9f58fc534238bd72355158aa60518c
SHA256

dbae520b29ddbf75c2d3e51949ff5fb54fafcd0278ca13f2c8c8decd23a14495
SHA512

50de472a1210655b47b7a6c9bd517ad17b8f8ecb8476a0a3973786055cba196401727caec1c9645a243d5572a82efa624d8d80f16971f7dfd22ee96f98715f1c
SSDEEP

98304:emvI8BQJD6d8HEWmTAPRy2bsSUwMfmuZux/7mHwvTQaY2GAnPrxBIixvlj3vIZ0F:emvrBQJDKwEWMApDhMfmh1TQX2GAnPrV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbae520b29ddbf75c2d3e51949ff5fb54fafcd0278ca13f2c8c8decd23a14495

Files

dbae520b29ddbf75c2d3e51949ff5fb54fafcd0278ca13f2c8c8decd23a14495
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 262KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.7MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE