poshc2 | e9ae289086bc1a922177fd3cefaf7323f36618446d023352cc56e1689755d448

General

Target

e9ae289086bc1a922177fd3cefaf7323f36618446d023352cc56e1689755d448
Size

9KB
MD5

4ad0833c77b25d1f29e6467ce9ccca3b
SHA1

2ed680feb2356e1261698e211d69019f7f17bbc1
SHA256

e9ae289086bc1a922177fd3cefaf7323f36618446d023352cc56e1689755d448
SHA512

594fc6de24f35a34e83485ec47eff455d0851321f8ba0d982145564abd6a3595f6ca0ed6a30399f72e870adb871b97721b9cbe0fdc0fe28cb8a1fbaa8636bbe7
SSDEEP

192:iVY7LwLNMaSRXp66gh6ltOJiJUvFSufwzui4e0gCdAYC2BjdbAU+cxQP:iV9aaOp66gwtCNSufwCi4e0gSAoPbA0K

Score

10^/10

poshc2

PoshC2 binary 1 IoCs

resource	yara_rule
static1/unpack001/998c6e82bf33a5610b411307f3dc729d5c937f7f61def6821605c042489723e5.exe	family_poshc2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/998c6e82bf33a5610b411307f3dc729d5c937f7f61def6821605c042489723e5.exe

e9ae289086bc1a922177fd3cefaf7323f36618446d023352cc56e1689755d448
.zip

Password: infected
998c6e82bf33a5610b411307f3dc729d5c937f7f61def6821605c042489723e5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ