vrwJUPrQkQA[.]exe | Triage

Sharing

General

Target

vrwJUPrQkQA.exe
Size

660KB
MD5

e47509572ea188a78326872fda99fe64
SHA1

61445d5ea22042336963a7a1060e6049c5d52fc1
SHA256

ef2c040076c60b1c9dbe49868b75a036073d4e3d4d9d20d911e0166ffe1317f5
SHA512

98b9c9822008bff777797b4346df430fdb97516539b423984b709db878353cf4b8d20d53a1110507abafe94920468387f381e32f056493244f41ddbd37129c90
SSDEEP

12288:nyLMnTWeLAfxcFnogLeYyyrto7lydPuDdiOSoKLZytl7eDhbMWz3E65qq9:fnTW5wiWto7HijovLKDKWa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

vrwJUPrQkQA.exe

Files

vrwJUPrQkQA.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vjdX.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ