c79c638cd4dd2a66d100532c070d07962d45706dc65826d5ed95be3f99a09716 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c79c638cd4dd2a66d100532c070d07962d45706dc65826d5ed95be3f99a09716
Size

72KB
MD5

9f32b7da5154774af7e1ff97e18a8c34
SHA1

1967da5b7f13d4b269c007b784806be3cf0f196b
SHA256

c79c638cd4dd2a66d100532c070d07962d45706dc65826d5ed95be3f99a09716
SHA512

4ff8bc66ee1d2eb1bfe77e1064a6e52beaf7f73ae1c06e81fcc21ffd7470cbeee8fc25a70266bc15af52bb0d4a249b55ee59ab8eca4778c52a6c7d0d2bb901bf
SSDEEP

768:ZrItKyw5WHXfQmjIiIk9ecAx7pP1EPU96MyXPdtldE9bIIIwjk++++T:Zr3Z5IfQmv81x7pP1r3yXPdtnyjK

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c79c638cd4dd2a66d100532c070d07962d45706dc65826d5ed95be3f99a09716

Files

c79c638cd4dd2a66d100532c070d07962d45706dc65826d5ed95be3f99a09716
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE