Odeme -(Mayis)[.]exe | Triage

Sharing

General

Target

Odeme -(Mayis).exe
Size

242KB
MD5

83e7f4ab1716acc476ec084ce84861a1
SHA1

64e8e30193ad042474c157865f8938d101fa4f80
SHA256

3087ed281ceea401aaf8fbd45b1d8fd6d384d48d3b097dd540162efa6931727f
SHA512

3958276eded5fc7b18c418b686a643f09b4a0025c87d2bf15e66b07ffd5c1ad86467a4c9b201ca1cd619a18d334ab92ed2dbb071d7ff9adb9209793403e9747f
SSDEEP

6144:IpB37AhZUYolzBt09nG29wiGjTLxTiaUmWdShuTcC8ZRfdnTI:I33sONvunqPnBi6WkhuTcC8ZRfdU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Odeme -(Mayis).exe

Files

Odeme -(Mayis).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

oz{XYQ*
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ