c2864ee52071069f816df804ead547c9114af349fda2fcc6e2613e0e40110ae5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2864ee52071069f816df804ead547c9114af349fda2fcc6e2613e0e40110ae5
Size

73KB
MD5

d5d66fe631f3533dd146e03d480c1968
SHA1

e7aef05b1ddb98f5f1d7b797bfaef714f8ecb616
SHA256

c2864ee52071069f816df804ead547c9114af349fda2fcc6e2613e0e40110ae5
SHA512

67ba04ec06432143e0bf43eba63ceac4c9f191aa4cc46e3aba88af6154829c54f62b51938d7146dbbae1366835ee7c2226086749f32f5a06ba556986413b9090
SSDEEP

768:ZrItKyw5WHXfQmjIiIk9ecAx7pP1EPU96MyXPdtldE9bIIIwjkJ:Zr3Z5IfQmv81x7pP1r3yXPdtnyjs

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2864ee52071069f816df804ead547c9114af349fda2fcc6e2613e0e40110ae5

Files

c2864ee52071069f816df804ead547c9114af349fda2fcc6e2613e0e40110ae5
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE