b64edc93b9e132eb972f3279e9beaf4bb9b43b950d2f0fe82d06c09da8f1a7e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b64edc93b9e132eb972f3279e9beaf4bb9b43b950d2f0fe82d06c09da8f1a7e0
Size

39KB
MD5

c2c0fbf35f0c829de4fb6a51b0ea5b9e
SHA1

34dbdba0024f3f00c1e2b8b7ada18a2f8e6a2bae
SHA256

b64edc93b9e132eb972f3279e9beaf4bb9b43b950d2f0fe82d06c09da8f1a7e0
SHA512

fc858db109f258a33a704dc7c572c0750b412d66fb2c8b98fa1dfebe42ab0c81ce6fa30bd8fa23758afebee901ee0149eea3276ef491788772a54b63b164d312
SSDEEP

768:RXD8XO9pISUyzzUYYY99iWJcH9WKnPuUM/aJO9p:eWAykYYY99ZJqnPGb9p

Score

10^/10

Malware Config

Signatures

Detects executables (downlaoders) containing URLs to raw contents of a paste 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawPaste_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b64edc93b9e132eb972f3279e9beaf4bb9b43b950d2f0fe82d06c09da8f1a7e0

Files

b64edc93b9e132eb972f3279e9beaf4bb9b43b950d2f0fe82d06c09da8f1a7e0
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\Pictures\ShibaGTTemplate\obj\Debug\ShibaGT Template.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ