2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2.exe
Size

2.2MB
MD5

00caaedf08f55f00b6706a4cc73d09c5
SHA1

2625dd5fce5d6e0c01c39f34d54c84d32aed0db8
SHA256

0614da61a49f84beecf4a12ea24f0ffd84c3fe4856bbb6f8664a9ca4de1312d7
SHA512

0761f8668964a906b210455d97bc78fb5fc8bae94ca5eabb65305e6457484124c8541aee79e942149ab90c8c56a9d57e02c18d07e125289e2cec565f09c6ba8e
SSDEEP

12288:oH1uRGfIgtgFBkNnK7+arpMFK0EZDZpUKRx2JPVkAiMnMiHkIx/dzE7CpdVXHvSE:oHhfZacK7LpM47NSmm1/908b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2.exe

Files

2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

~WAJn8
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ