payload-x86[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payload-x86.exe
Size

4KB
MD5

001d7b4dda995df833a503bea023d8cb
SHA1

b5015d6c0c3bc55314a64f0b8bd655eadaee1a65
SHA256

e9c65fa8a1b315f495a7bf35a1b6780fe099aa5d6e4cfa4ca51bb631d485bfa2
SHA512

73d462006d9db1f7c5fb0ad3381ff17dcc8a1e7b3514febfe6128cc2d84ef7c072ff3a4fc17c8674b5c85989d1a961771c7f4da6664dcf3268342d5737acabf5
SSDEEP

96:RiMI7nY7n2nTXEs5RTD5DwvlLlClUPoj:9I7nY7nCb/RTlD2BeUq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
payload-x86.exe

Files

payload-x86.exe
.exe windows:4 windows x86 arch:x86

5b1efff93dc78408e7adceb2ef973a74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
GetLastError
VirtualAlloc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 285B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE