Static task
static1
Behavioral task
behavioral1
Sample
fWhzc14OSz.exe
Resource
win10v2004-20240226-en
General
-
Target
fWhzc14OSz.exe
-
Size
8.0MB
-
MD5
5f0f1c0f152f78c0a323f197dc17ea75
-
SHA1
3b870b795212895c46cdc63cc506017ef5524a15
-
SHA256
d0fe1d44217088d5f2b0f3a16320089b95fe8453fe66ec834b00cb50973a612b
-
SHA512
a4827974ffe46379b36270e3a41bbd2b82031155d3936a78b5ef84ad52da890bb46a1e494a7d89048bbc2a990bf09db8bd41a18773c11174d07994e9677cada0
-
SSDEEP
196608:BAGbj+H16MYg74GQoSdzbtAzb8n+GClLYGew3EeC0M:fyQoav2zvGkLYE3E7
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The analysis checks the file for a missing Authenticode signature; this sample has none.
resource fWhzc14OSz.exe
Files
-
fWhzc14OSz.exe.exe windows:6 windows x64 arch:x64
1e341c61a962dd41fcfa959b45927279
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
GetUserNameW
kernel32
GetModuleHandleA
shell32
SHGetDiskFreeSpaceExW
user32
CreateCursor
Sections
Size: - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: - Virtual size: 880KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE