C:\PhilTFSSource\Winlink_Gateway\RMS Relay AWS\RMS Relay\obj\x86\Release\RMS Relay.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d9cca57fb368a826fdbe230f16d17944ab8de6bb1ce4e2746aef6160d69aa2e7.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
d9cca57fb368a826fdbe230f16d17944ab8de6bb1ce4e2746aef6160d69aa2e7.exe
Resource
win10v2004-20240412-en
General
-
Target
d9cca57fb368a826fdbe230f16d17944ab8de6bb1ce4e2746aef6160d69aa2e7
-
Size
1.2MB
-
MD5
17d6b66c4dd1ec8fe8c037a023656d6f
-
SHA1
5a26bc23379cc7cd6eeda40f2fbdba0e6f66bb0b
-
SHA256
d9cca57fb368a826fdbe230f16d17944ab8de6bb1ce4e2746aef6160d69aa2e7
-
SHA512
63035468a60ae691b3c1b22e032ca83908decb41f70d6198b752db230b6b3980d37b770fd09faeace29f0a9e74cb2b7458984b00d8879cf7951ed9466bc25a9f
-
SSDEEP
12288:YD3vLE1zNzbf7ihnY0s+ghkivC2rK8g/MdliHtos8TsLgExFX:YjvANzbmhnJeCivC277iftMExFX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d9cca57fb368a826fdbe230f16d17944ab8de6bb1ce4e2746aef6160d69aa2e7
Files
-
d9cca57fb368a826fdbe230f16d17944ab8de6bb1ce4e2746aef6160d69aa2e7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ