KranosServerForRatting[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KranosServerForRatting.exe
Size

130KB
MD5

1a244ac049274f3818f3b35c70b31a13
SHA1

09d846fee1ba376bc7029bd268e734b832d05b02
SHA256

925d86980214a02a88a7319e544f51a0870923f3b7b323c0e84fe9fcff95795c
SHA512

536603e225821066da1431a1530022b3f3b2b03840e0a88a34277d2dc5aaa1ede6b6cbae23795cc38bee452aba935a51ec25966d077112cd71b05d789f908b39
SSDEEP

1536:NiEwsj7XEIH8oCMGDlzlEUCnDCZI3K7cvfY2WVxBEYJPwk4at0ehbzXgr/i/vcI:NiQj73YVWa0ehbzXgr/Kz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KranosServerForRatting.exe

Files

KranosServerForRatting.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ