korepi hack[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

korepi hack.exe
Size

143.8MB
MD5

f58f20dee8a171e40bf446b436aa7e9c
SHA1

26144fdcaed65fb8f6f074c4229fc63fd8204ad6
SHA256

e130f173c49a78a94c5cee7c6ea269d9563c47115854b54c6d1c8b1c09205aba
SHA512

7759e0ce839b33778d17c438fff876b7292c58b796e729984c1efd0346621bb55af1be0ed16996a811788b7baeeeb98368b2dcc20a02497a85649abe995260e2
SSDEEP

786432:wYe6Sq+bay4ew//AiCJW3CTXi/sTu5t6UJabNL7Ev3gkXdeUANKRJf2sCJoAf3v:1/AVhCoyVmxEuZqDemfi3o/qkUR+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
korepi hack.exe

Files

korepi hack.exe
.exe windows:1 windows x86 arch:x86

140094f13383e9ae168c4b35b6af3356

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
GetComputerNameA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
SetErrorMode
Sleep
VirtualAllocExNuma

shlwapi

PathFindFileNameA

msvcrt

malloc
free
memset
strcmp
_strcmpi
strcpy

Sections

.text
Size: 143.3MB - Virtual size: 143.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ