explorer_exe_PID4a14_hiddenmodule_140000000_x64[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

explorer_exe_PID4a14_hiddenmodule_140000000_x64.exe
Size

67.7MB
MD5

f3f902c1646f84be52dfe69d40221544
SHA1

bb52a0d1bbe223212353b2b1577138932e12b4b5
SHA256

5da42fa9a11e345bb1ec47e7d214acd28ed0bec62377ad55fbbe38aef5eaf246
SHA512

19ad2db0fde2858cba2df0916022fc0c300945c96e77169deb980a222ad9de382bf51ba522e1a07b45f8e9bcd3f6ab9f4ac5896f667c52b149f8cd77711dc933
SSDEEP

1572864:Xi2gLrH00yBvdnFPIRxQfZtbTWslDTaSagsw:Xi2+yvdF8StGYDTtsw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
explorer_exe_PID4a14_hiddenmodule_140000000_x64.exe

Files

explorer_exe_PID4a14_hiddenmodule_140000000_x64.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

cyxvbusy
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hloqvquo
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

lzmsbqwf
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lietwhgu
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

knpxmqff
Size: 348B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pukqakon
Size: 27.9MB - Virtual size: 27.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

dkxyaysb
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dzsuorxx
Size: 33.1MB - Virtual size: 33.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

wrxmuakh
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ