3ef53ef4bb31597917ffc0ec803c4da72d2141ef898f0dcb0b6a8f1f8b840acc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ef53ef4bb31597917ffc0ec803c4da72d2141ef898f0dcb0b6a8f1f8b840acc
Size

41KB
MD5

905d8e76586d2fcb2e347178d4e3a216
SHA1

dad3c2a6a2b9795ab6b00859ef5c10f27fea2a4a
SHA256

3ef53ef4bb31597917ffc0ec803c4da72d2141ef898f0dcb0b6a8f1f8b840acc
SHA512

78e4d835fd655aca33235702e6da126ad9f6d6f4226bdbc4cc5219178ed5b42e1d3c8cd962574d148f9bf443587336ffa9102bd37402cd75cd6911cf2dd16168
SSDEEP

768:aUNjlRMujI728kfxls4Ddqt6qWWMYB1zboN6QILhQCYrT2GrBv:AujWkrsMmWWMYB1zboIQEuCYrfr1

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ef53ef4bb31597917ffc0ec803c4da72d2141ef898f0dcb0b6a8f1f8b840acc

Files

3ef53ef4bb31597917ffc0ec803c4da72d2141ef898f0dcb0b6a8f1f8b840acc
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Krali\Desktop\manager\Update\obj\Debug\Update.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ