Petya and kaktys Builder[.]exe | Triage

Sharing

General

Target

Petya and kaktys Builder.exe
Size

258KB
MD5

fe311cbf28e46b0bbfbd7e848ac6867b
SHA1

14b231291b8370fa08da5fec80cf96ac713971f6
SHA256

36ae29df569363f2ab310bbfab894f449c530f8b1f0320f42714cb26cd744750
SHA512

8835a89c2f52ef10e5363c5caf9cebb94f3402a8d37aa0460f95307b6e3f626c5ced6220e92a6fa875b9dffe118ac15adcd8d01a5771c8d2cd951966e7571838
SSDEEP

1536:EbJWf9d1f5oua8byL76pmqMQoXhVN4aooJhDCSGyfel82WNxK:Ebkf9d1zRGL7NTXh/sEhD4yfdNxK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Petya and kaktys Builder.exe

Files

Petya and kaktys Builder.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\User\Documents\Visual Studio 2015\Projects\Mischa builder\Petya and GoldenEye BUILDER\obj\Debug\Petya and GoldenEye BUILDER.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ