f4570a3e1ae9fb5307f321983c446d9bbef183de59726bd11be5440e6faf25f9 | Triage

Sharing

General

Target

f4570a3e1ae9fb5307f321983c446d9bbef183de59726bd11be5440e6faf25f9
Size

161KB
MD5

f44f1d6941436fe095bef7425f850335
SHA1

e442ae7623976fbc3b8bcd1118cdf9bd3ec2d6a3
SHA256

f4570a3e1ae9fb5307f321983c446d9bbef183de59726bd11be5440e6faf25f9
SHA512

afd084d03ea732dda2a331e4ffd5cbdbed6181649c520cd2a9b9522033eeaf4722b680ac920a666281f8ce6cd20c33aa6f36646e944b8b050973be544a3b850a
SSDEEP

3072:qv5Ls27BIJo7LyXuM/XXXdwVBXXXhYfjCXXXDrXXXDKXXXmfXXXxXXXLIIIBoqfm:qBs27V7LyXf/XXX2VBXXXefjCXXXDrXf

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4570a3e1ae9fb5307f321983c446d9bbef183de59726bd11be5440e6faf25f9

Files

f4570a3e1ae9fb5307f321983c446d9bbef183de59726bd11be5440e6faf25f9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ