ca000ad29577d0e3d611e90c10e2a0e45f4083a04230da8f59bc670c17a326dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca000ad29577d0e3d611e90c10e2a0e45f4083a04230da8f59bc670c17a326dd
Size

2.8MB
MD5

72a7ff0d5f51582a6bc8865f9f095186
SHA1

a2648054b49ae2defc0d2798aa13a0f401d7ca0a
SHA256

ca000ad29577d0e3d611e90c10e2a0e45f4083a04230da8f59bc670c17a326dd
SHA512

2866c9f3cb551a898eb67ef4d5f8c2f0faf1e8285b74f22fcecb4bd1b005cffec68bc6a9f29383efe9d001327b1d136db8cbca75c4f6e21138e0a1c079925571
SSDEEP

49152:WRTTzoMSeG7rybphMIU/iroxHIvXmjOTDxOyEUg:WRnzrAe7ciIzy/g

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca000ad29577d0e3d611e90c10e2a0e45f4083a04230da8f59bc670c17a326dd

Files

ca000ad29577d0e3d611e90c10e2a0e45f4083a04230da8f59bc670c17a326dd
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 17B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ