千方百剂医保前置机[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

千方百剂医保前置机.exe
Size

368KB
MD5

63c56ad7a6eae63f49ebf22b94b4a60f
SHA1

3010dc2392bed143f5ab152d0f090711485ba703
SHA256

da9c5bfb6abe1fcf534858ab6f713d5d4455638ad01960263ef1c905910e5bd6
SHA512

badb70ad8f3cea2def3ee0ea88597483718358c2e3d6bb67e4733ee9fdaae774c7dc6c7b0b2736e7ef28d1baf17852d41731fd5ed784ab187ace066a8e8ceb75
SSDEEP

6144:IderSroJn0q7PQv77PQvg7PQvrl7PQvI7PQv77PQvw7PQvJMKm7PQv77PQv77PQr:PSEJz7E777A7J7E7h7qMKm7E7E7h7qMn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
千方百剂医保前置机.exe

Files

千方百剂医保前置机.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\VS2013项目\千方百剂医保前置机\千方百剂医保前置机 - 客户端\千方百剂医保前置机\obj\Debug\千方百剂医保前置机.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ