P1 HWT623ATG[.]bat[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

P1 HWT623ATG.bat.exe
Size

736KB
MD5

cfd86b8016c2604ea4b9cf22e6316e22
SHA1

76bbd37b9fa76903785813af01c9cfb913c6b7ff
SHA256

3e8a45e1f0face1dedab9167d1e0405000f94d1dfaf1780b45cbe315f1ead0d4
SHA512

5c310750f9cef44874e55776d574eaec2c02413f87011b85e2ec153dbe0af48b0af8925780313211842a61e3361dbefb6b8e2773f0a7a7a773862fb310b88feb
SSDEEP

12288:e3qyJMgFKQK9RXZ18byY0Po42ki8BsG5llPjP/3DUhUMn9QVYT:e6OxFKQmRXAz8awlPjn3ohB9VT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
P1 HWT623ATG.bat.exe

Files

P1 HWT623ATG.bat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ