poll[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

poll.exe
Size

8.6MB
MD5

51dc4202d141b1c7378fb05761f50137
SHA1

2fecc776a400ff5bf78a9fd9ea547d101dca9d96
SHA256

4c091307a37f52e0c4fed9614c71fdc46596d5e48bc9370d0f2b715544629662
SHA512

0fed522ece616b636c37dab7005c22cffb6d34d698f53692e225029f02ccf332806f227d99699b86affcfb8506babbb9f7ac17d8a40d48e8de2d589fb4a86e20
SSDEEP

98304:tsoh4JewoqHmdcBy49nshRqzsqMAXXEUt/9EKqN81:tsoh4c6HP2pqjXU0nQ81

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
poll.exe

Files

poll.exe
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.data Size: 272KB - Virtual size: 272KB

.rdata Size: 4.0MB - Virtual size: 4.0MB

.pdata Size: 24KB - Virtual size: 24KB

.xdata Size: 28KB - Virtual size: 28KB

.bss Size: 396KB - Virtual size: 396KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 3.7MB - Virtual size: 3.7MB

.vmp1 Size: 8.6MB - Virtual size: 8.6MB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.data
Size: 272KB - Virtual size: 272KB

.rdata
Size: 4.0MB - Virtual size: 4.0MB

.pdata
Size: 24KB - Virtual size: 24KB

.xdata
Size: 28KB - Virtual size: 28KB

.bss
Size: 396KB - Virtual size: 396KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

.vmp1
Size: 8.6MB - Virtual size: 8.6MB

.reloc
Size: 4KB - Virtual size: 4KB