b0033520f13fe02673e46393dab3b1206a2e1c27194782c58d37e30da9659071 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0033520f13fe02673e46393dab3b1206a2e1c27194782c58d37e30da9659071
Size

5.5MB
MD5

11418b72d4a6305626f479748a25ee16
SHA1

d412345d53071ebc54cea6ba5fd46b2dd956d11a
SHA256

b0033520f13fe02673e46393dab3b1206a2e1c27194782c58d37e30da9659071
SHA512

a6410d6ad595ff2d61de29e0263acd3de0e6cd46b5df2b3ce8ad682d7d8756a835fc18b55b9da3fd63a27e8fbdcea13a77605a7e2abdcf5cc86a3329b423c7aa
SSDEEP

98304:SWGFj2IRWHKSDjPd/sjRbcqnoR9oNHCji579x6QWCuczoz5Jjk2kH:SNBDAqCkjNnoR+NHjNCqH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0033520f13fe02673e46393dab3b1206a2e1c27194782c58d37e30da9659071

Files

b0033520f13fe02673e46393dab3b1206a2e1c27194782c58d37e30da9659071
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 262KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.7MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE