ed6226351d2e76db940c4e3fefa77a3b9d3820641f0a94c448dfe8ae71282c92 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed6226351d2e76db940c4e3fefa77a3b9d3820641f0a94c448dfe8ae71282c92
Size

15KB
MD5

9f8fc461c9e0ce8960f1c7d09803b38c
SHA1

cfc86ab88333a6b76f42c8bc40e95ea3909cecc9
SHA256

ed6226351d2e76db940c4e3fefa77a3b9d3820641f0a94c448dfe8ae71282c92
SHA512

41b7913e42dbe792aaf4f7031256ae2eb0ab4fcf69c617e657bacd5f915401f56856a3cff338d0a494f8b8d9afe1a3a2dff944c4ffc963489e0f0b7bb8897a35
SSDEEP

384:5b4p12TQslbbGqVaCbtLtReagUDVJX3nL:5btQsGIb7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed6226351d2e76db940c4e3fefa77a3b9d3820641f0a94c448dfe8ae71282c92

Files

ed6226351d2e76db940c4e3fefa77a3b9d3820641f0a94c448dfe8ae71282c92
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

\\192.168.68.53\Share\ProcessHollowing\ProcessHollowing\obj\x64\Release\ProcessHollowing.pdb

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ