OffiZ[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OffiZ.exe
Size

1.3MB
MD5

ffabbf2f9e879c2efc3316126a6434f2
SHA1

2be78107b5b5f306e21b99051a412564963ec2c2
SHA256

940cb94df4f7096ca569f86e17ca066e1eb090fced4b622611f84d1abb7071c7
SHA512

7a04643d3e99179666439d116cf635eade152242379dca9352497050e52bc521e09f30e33c1b73bc5748fc61fd627e78d22237d6850144e97fb9fe0a95a958e6
SSDEEP

24576:9uX93ueCaTTVKaM+TYZ/BH+W6PCgyIyiphCyqYiSexMMELGlz:4XEeCaTTVKatTcBwCgyZwhTP+MMELG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OffiZ.exe

Files

OffiZ.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Георг\Documents\Visual Studio 2012\Projects\OffiZ\OffiZ\obj\Debug\OffiZ.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ