rlytKovocev[.]exe | Triage

Sharing

General

Target

rlytKovocev.exe
Size

2.7MB
MD5

5c40f881cfd257fb116100161d1e4922
SHA1

b55914f0b9fc83cd0daa0ff4702c58d64f983532
SHA256

aa724c91bf851cb3ee01608dc4b96d24a61199b4339c16eb5490bce93f32c2e8
SHA512

cbfed0b80f52fa64a2fe84945b0fec472c1ade22658fae694abd1e554f292e0ffb2d06d15367fc5ea740afca58fb17755895b044f5f553cded1d061817c0fb12
SSDEEP

49152:+qoZ18BOgi4/IrBViTb+bPcuY6yPu5zQfVxC4DcNkrgtwv+9W6o:+qoMBhf/IrBnPNY6yuQf//50wmq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rlytKovocev.exe

Files

rlytKovocev.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ