poiushell_2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

poiushell_2.exe
Size

695KB
MD5

5de80c6897a1afff584c63ba9bb5c12a
SHA1

de030b3228546f3020f821a9fbae0e593713cede
SHA256

a1e1f2ee913c51b75a52ddce2693573e70f7b3a7978ff0d04b61259bbed51069
SHA512

a2224ced8f5300abdb51e33010b0835a890bb4bf984ca47665e27cee470fbcc2eb86019bb9fd00cf34b0d56318110fff56226a8982e23e04d6ac5eb0ab4b4481
SSDEEP

1536:beVCgwMaqOBbBbBZBbBZBdB9BZBbB8BbBbBZBbBZBdB9BZBWBbBbB1BfBbBbB1B8:mdDFd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
poiushell_2.exe

Files

poiushell_2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 693KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ