dekont[.]pdf[.]exe | Triage

Sharing

General

Target

dekont.pdf.exe
Size

1.8MB
MD5

6d26359927886760ffa291fe921867c6
SHA1

fd99f9280849fa8b6db7eb64c1a9bd1de53c55b7
SHA256

3012c20b03ff9ce7420c6729f4e55e38204e294dcf2f60c1357587d86e118258
SHA512

ce279cb22d9214c98e6267c5ad039bbb135f2cf09c82869e51d92fd3392df1e8a81e60cb9fdc05b8ea63dce009378e18958984d3ae6e6ae5bb48afbc3a1c5b30
SSDEEP

49152:yJyuDhEZINYsNpIDoUHvUJ7hAZBS2bH9BFq3m/FTf:yPloINx8McvghMH9kYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dekont.pdf.exe

Files

dekont.pdf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ