itMES_PDA(QG)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

itMES_PDA(QG).exe
Size

145KB
MD5

35201d5c224af84000fe3b29c1177958
SHA1

7fe68653c9de7a5492226def1896ca1c5e54e4fa
SHA256

a9d12d6582d629b8ee4e3f1806bc12d3d878c4ccaa4653b1f67e37640d34f39e
SHA512

6d2050b4caa799aff1c0069583be3db83a6c781d3d453b3a2454a7dfeeec902d1577a544c6b0efd1f1de6f3b581a427cb2a54f4e2ac10d111ff50ed898ab67cd
SSDEEP

3072:JF3WLpuYB6p+aT0Zclm2iJcKjFJ3X75xDYarn3vLLAz0rpxu9XtrjO8jS1ibh096:rZlmHJcKjFBr5ya3vLK0rpxuFtRjSRh5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
itMES_PDA(QG).exe

Files

itMES_PDA(QG).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\项目\轮胎行业资料整理\顺福昌\福麦斯全钢\程序\itMES_PDA\itMES_PDA\obj\Debug\itMES_PDA(QG).pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ