emotet | 1448aec568bd15a5df6a67fe357d65310426ffc7c02c11b7b10767a4ef7a7cae

General

Target

1448aec568bd15a5df6a67fe357d65310426ffc7c02c11b7b10767a4ef7a7cae
Size

100KB
MD5

2f035dd6b36422039b2910dfada0ac5e
SHA1

dc2b83b20c04153547d642049bad65773230e102
SHA256

1448aec568bd15a5df6a67fe357d65310426ffc7c02c11b7b10767a4ef7a7cae
SHA512

7b01dbe825e8fee92774c341b8bafb2813fd279e5310151c2ee9410135ce7320d0fec00b5bd1cfdcec89dd1a510f581a3c61ed2515c2664e538ad88b00006f29
SSDEEP

3072:TcVl6n7x7xBPFwICgFVHpn0MDczP8lCtvX9I:YUnaICg7p01kCtv9I

Score

10^/10

emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/98b9bd9da1ad5c48dc82f3c7152494217823514b5fc6d5b8e53b9b5a8dec5f7a.exe

1448aec568bd15a5df6a67fe357d65310426ffc7c02c11b7b10767a4ef7a7cae
.zip

Password: infected
98b9bd9da1ad5c48dc82f3c7152494217823514b5fc6d5b8e53b9b5a8dec5f7a.exe
.dll regsvr32 windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllRegisterServer

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ