H20[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

H20.exe
Size

9.8MB
MD5

4dd1d4b1fd66568fd4fb65d55917a687
SHA1

1777de3758e1af2edc49b42d5f498835358fa89c
SHA256

6b2c58f13f2f15c786c92b1a825a8583ffd24c0c926b86e9d5c943b4316b32d4
SHA512

587ddcdb5797567fedec40b244d1a91f248a925896981df69fe18b218700a4fec8ebd4d0c2708e8d742596ce692c62dd81769856f186a0149ec57e800d42d5bb
SSDEEP

196608:j7508bvgXvjvNjvXnhvR3vDfHmvqZAnvCAVpRvHv9vGlbWsiaLrvRvinKaiV1Vxa:j7508bvGvjvNjvXnhvR3vDfHmvqZqvCM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
H20.exe

Files

H20.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ