gif[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gif.exe
Size

27.5MB
MD5

b5090dc4f14c218aaaf0151acca492b8
SHA1

4a918de48e9c8aa9a70df7045031f1a4cdfd1f53
SHA256

f8013d4b09b2d315c48042c86273ab34767fcf669442bfc51f62df144107e46d
SHA512

edba0a802d779b3e7c62fd19a6bbc0a37821137d6712941456a8303049c58d95260d18d564154950e4c6fcc517bb79125f2a4f2ea42fc6f88080ced54c5d7078
SSDEEP

786432:RNM/WOTD1iBcTMtEn8vigeqFASXKU7CN:RkJlBgiFqFA3a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gif.exe

Files

gif.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Hatsu\source\repos\gif\gif\obj\Release\gif.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27.4MB - Virtual size: 27.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ