download[.]exe | Triage

Sharing

General

Target

download.exe
Size

30KB
MD5

30200ea12d64b56c9400ead87ccf6d90
SHA1

b26d8e3b0eef084120b82230251d060a2545e1c7
SHA256

a74d0082dd68c3cd189c5cc1db83274b5309492c1af74d157143867bb440363f
SHA512

1e83e63d36234506aa5223d914a4ab043db911f47b13ae16321c8776c04b9267a6e85b6a42ac9afab246a6786194c488022e7b3f0ef8fc28ce22b59c224406d1
SSDEEP

768:11Pp3+9tAUKExs44HrHtvmSROHlt/bHMRnxVEhrDeM2THp8:V+XAUK9LHt/Y3HK+vep2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
download.exe

Files

download.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Etzin\Desktop\RAT\CRIPTERS\CRIPTER SPAM\Source code UpCry\Metodo DF\ClassLibrary3\ClassLibrary3\bin\Release\Obfuscated\ClassLibrary3.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ