3bab54a2bc096159964f2ddbcce93437dd97f3d9e00bca81dc37d5938afebe99

General

Target

3bab54a2bc096159964f2ddbcce93437dd97f3d9e00bca81dc37d5938afebe99
Size

553KB
MD5

34c58389f399c2df3c6da6ef4fc30352
SHA1

e0a04c637370ad078c65b2e744a24401deebbf1f
SHA256

3bab54a2bc096159964f2ddbcce93437dd97f3d9e00bca81dc37d5938afebe99
SHA512

39d02a86d6c008f2fc09cd5b4f78c1f0ecbd92a6bf9b94f688ff3b071396d8917a6d641764fe8ca4eb5909612526dd910e295fde9f88337ee11b80b83b61f596
SSDEEP

12288:KMyykRfzJmOM2h7CLXe5Oy+7QYlk0bgoHFVydIM+yc8:PER7JmOxCL5y+nlEoHLyq2n

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/ed0060d90610311944437da9ecc113e293b2800b903e5617b115d5bc48c379bd.exe

3bab54a2bc096159964f2ddbcce93437dd97f3d9e00bca81dc37d5938afebe99
.zip

Password: infected
ed0060d90610311944437da9ecc113e293b2800b903e5617b115d5bc48c379bd.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

qamR.pdb

Sections

.text
Size: 558KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ