jupyter | decoded-1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

decoded-1.exe
Size

1.1MB
MD5

7916dc2c8b0c890c7bad4dc22c48fd27
SHA1

99decf0d0108f605a0620a2a14418888cbde4870
SHA256

706e3a4629020343d506f761c350275abc891eeb5488d9f4bd383c3cc8cd7346
SHA512

34100f8043ba3d248359d586276185cf8568854d504beaaa903c9fe939f2f0d126f35c77d76f288138c4ac472fa29d08830cfee9e38a36cf9ccfc757446ffb4c
SSDEEP

12288:qiCjMcvOxBQmtXjcyB6CwRb+GUtkYZMRJOvgK6FS7YZFhiRD8gYyZMkPf:qi+ODt/i5sOFS7WiRAgnakP

Score

10^/10

jupyter

Malware Config

Extracted

Family

jupyter

C2

146.70.40.235

Signatures

Jupyter family
jupyter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decoded-1.exe

Files

decoded-1.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ