coore32-GDIOnly[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

coore32-GDIOnly.exe
Size

76KB
MD5

00dd91a5ca7b11c2e46d96d9dd9f5343
SHA1

1dbaa06cb9dadd27b8fca176f2b3e6571cc74b5b
SHA256

d765cf255d4c6cce3a40844ce56c3d0410a6cc8657dc553d04e7f08d40217c0d
SHA512

fcb26b13f6092def715e59b26d9dad6931918eddb56ccd278af29c4e07380ccc86bb28569942d869c5b25dc7931af57216e8c851c59a1773ab7143682e1d9b73
SSDEEP

768:FjQQjL379a+ETISrfEPo6yd8YYm6bJxyfcZvIwnXcwaR8XtYc0mVc6K:BQmLM+ETZ76E7Y7bz/nXcwM8GmVcl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
coore32-GDIOnly.exe

Files

coore32-GDIOnly.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ACER\source\repos\coore32-GDIOnly\coore32\obj\Debug\coore32-GDIOnly.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ