ECNO[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ECNO.exe
Size

202KB
MD5

1215b7af83ced32c7660c93cbb5b38d0
SHA1

9dc9a24150e124bcef8813655e37ac56ea948e5d
SHA256

ff1e7d0e54639d03d944ac72193885d9cf5e8e55bf59338bfd52e91410b89141
SHA512

f0dff41e58a907f213e26ac2e15b00be7b658d10f49803567fa2a31b231d544a187dcc6c4df07a9e8bee85ba596b649f08bcf61791be1c54c6ea7db3d1609cfe
SSDEEP

3072:RI0nPvatfJ7MGVFUaD9i6RAQqf5aMXT5m67RpexEzJ/G6M4kfj6n+RHcHr:RKt57F5TA53XTE47exEzJKjRROr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ECNO.exe

Files

ECNO.exe
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pysw
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE