ded3a58fa73e7f62e8019d0729c29b89 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ded3a58fa73e7f62e8019d0729c29b89
Size

158KB
MD5

ded3a58fa73e7f62e8019d0729c29b89
SHA1

cb5b39ce81ab6a5f315edde1bc4bfdb4ca1ba67c
SHA256

3143a573a4aedeb28c4f05debb91159ae7d00ad9adf5f5f7198c2214cb30417f
SHA512

08a45a4dff818a1cbce5345457c30c15d7f2f718ae8fec427c87332329095bff03b1122cda6462e2ec1b070b93ec118e949f9373701e7a6a0e5a1f121d66ce9e
SSDEEP

3072:Akr3A7Alq7BJI77xu26MaAuDeeIgOVXn/og7Uri8SktlFL++8OJfxCg8XJ+:Pc7AlW4PxujSi7IgOVX/97U8qhlUJ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/th.exe

Files

ded3a58fa73e7f62e8019d0729c29b89
.rar
DONE.WAV
Found.wav
GHCiF.readme
SEARCH.WAV
Trojans.txt
clients.txt
th.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
what's new in 15.txt