29e59c3939edf8bc86030ce12880395395963b93f3cd4b57cf92f22b067ba631 | Triage

Sharing

General

Target

29e59c3939edf8bc86030ce12880395395963b93f3cd4b57cf92f22b067ba631
Size

732KB
MD5

29f0e55f0f57337be62f591adc0b9755
SHA1

25d4ef5c57a656324f521fb1299261902b016522
SHA256

29e59c3939edf8bc86030ce12880395395963b93f3cd4b57cf92f22b067ba631
SHA512

67d2255b35f8e8c6b096f5d1d30fbef587cd276ee0a1b4e390572136fb197f42442c87867441a16509f67eb6bde2af1a8010d4ad78fbe818c4e5ede173006f38
SSDEEP

12288:zsf8+r4C3tL4lgmqVFJ0OfJ0OfgS1CTmrPb:4f8+f3tL4lgmGFDD3EC

Score

10^/10

Malware Config

Signatures

Detects executables containing bas64 encoded gzip files 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29e59c3939edf8bc86030ce12880395395963b93f3cd4b57cf92f22b067ba631

Files

29e59c3939edf8bc86030ce12880395395963b93f3cd4b57cf92f22b067ba631
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Daten\Visual Studio 2017\PGNumis\PGNumis\obj\Debug\PGNumis.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ