RemoveWAT[.]exe | Triage

Sharing

General

Target

RemoveWAT.exe
Size

6.4MB
MD5

11100867b81fd8d80a4cd924f7abcb0e
SHA1

4d2aa4ccd5940994f3cc6f9f8e1654d32374d241
SHA256

fd2b77e40888a35478d5d14f5be780f00ae9720561f1672142884d7cfae59cff
SHA512

5f37f839acd967095185abc0c5cac389514f509dc82becdb9934ec735054bdaa966a250d8be72bbd9998e20a42dbef8344c7a1a0c9283823ec73224d431da865
SSDEEP

98304:I33yKMaL/eXV1i/kDxkmcL/eXV1i/kaRWYL/eXV1i/kmeM1qj4iwiANvSo2/CAyT:WyKnZrrLGA3PhsKPkG09WP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RemoveWAT.exe

Files

RemoveWAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Harry Frith\My Documents\My Dropbox\srslolz\obj\Release\RemoveWAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vtwtcer
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE