Zhylos cool-protected[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Zhylos cool-protected.exe
Size

580KB
MD5

ece18555e0ea05c43aa0286f167bcffb
SHA1

4f17817dd4e876a695b1c8aa715776ca49b3ad79
SHA256

c454fc176ae5f79d809706f23b0ebaa035d336ef69fc12d9d02b0e987c33259e
SHA512

6f573173bf27f8f261558336e2312d896030cae534ce33a36cf6d5f2183c55683f39b5f9a2d4f561417ba2ef911c0c087706778ee08f0b45ede9f963d0893b52
SSDEEP

12288:J4musRyjzm2MQlg4bgKWa7sePhBv4hs+:WsOzm2hbgKWa7BPghs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Zhylos cool-protected.exe

Files

Zhylos cool-protected.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

<`yy(P
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

<`yy(P
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CF357827
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ