85db4ff393dbbb1e793ba77c65d2706d72ae9e62ee4acea1166832ae1b2387e1 | Triage

Sharing

General

Target

85db4ff393dbbb1e793ba77c65d2706d72ae9e62ee4acea1166832ae1b2387e1
Size

4.5MB
MD5

68089e069c4f3c0c9c1e047f1f37b31f
SHA1

7ba1b2985877a270e5ef82ed74cdab92a8116cac
SHA256

85db4ff393dbbb1e793ba77c65d2706d72ae9e62ee4acea1166832ae1b2387e1
SHA512

d40b6f442f7cd34b8cd10af4c1f657e6146065c6d907642ae24ffba73999b8d3be1643da448e17b249cde94c8594f6ce3646294a4d1011f588ac2bd4ec810471
SSDEEP

98304:19PEbz3oAtS9Jjn1taiANKXf9EiDUnFowsneAuaE7rmVSz8FFV:19cbz3oAQJ+ijEiDyFowyemE7nuH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85db4ff393dbbb1e793ba77c65d2706d72ae9e62ee4acea1166832ae1b2387e1

Files

85db4ff393dbbb1e793ba77c65d2706d72ae9e62ee4acea1166832ae1b2387e1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.3MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE