176fae705e450babc8ded2331f0a9f6492b5559f47510210201ee1235fc9df0a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

176fae705e450babc8ded2331f0a9f6492b5559f47510210201ee1235fc9df0a
Size

4.1MB
MD5

5b2f6ca9309601aed0a914677b7996cf
SHA1

d34b47982e36db64712961bdbd8d206b943dbe23
SHA256

176fae705e450babc8ded2331f0a9f6492b5559f47510210201ee1235fc9df0a
SHA512

b2366af356b193b354e3854a041774777482256dbaaaf8e9aa1a2f7b5cbee53cdf39c3e323a0976f78fd552214aea2c79a83e9e52e12b6e4423310877b4c474a
SSDEEP

98304:z1m/SGAC9ljz7t4afzq8MQkduOScwft9HZYUohwoYGY6AOof:Bm6JC9lhbqd0tf3HqUohFI6no

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
176fae705e450babc8ded2331f0a9f6492b5559f47510210201ee1235fc9df0a

Files

176fae705e450babc8ded2331f0a9f6492b5559f47510210201ee1235fc9df0a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 262KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 287KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE