c406bdaf5b172486a0be87092e1fcc43 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c406bdaf5b172486a0be87092e1fcc43
Size

1.1MB
MD5

c406bdaf5b172486a0be87092e1fcc43
SHA1

7495a40af2cf600ff08689a05d3d868bd8c0657c
SHA256

644495ba49c869ddd4ed219d7d2be5bda54205cd6b12971f0d05ee09b2e18bd2
SHA512

7d54bf01c733fe0c0299212a74c0db528501c1cf9b4873bc31db484123430f20a56b9c74910f32b18ea7ef0718df46982e3a0bdebdf7d5754f4758e1f2ea0912
SSDEEP

24576:StLoXzN2V0KM3feX7rrrDRJmdRbLHi/5CPGn:wyxmlMveLrfFJmd1i/5Cun

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WHDownloader.exe

Files

c406bdaf5b172486a0be87092e1fcc43
.zip
WHDownloader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Lee\Desktop\WHDownloader -09-29-2017\WHDownloader\bin\Debug\CryptoObfuscator_Output\WHDownloader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt