HAH[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HAH.exe
Size

2.1MB
MD5

c73f91cb2d8d68ac31b29f9b72e380f3
SHA1

4109276d49a9fc491ee32cac1ac31854712d4a47
SHA256

1fc19c975192324dd25d59d193e476ae24c1695dac0ae75108840bfe2c7c4c31
SHA512

73172d3a099f1f0f4bbf1c4cf5e65cdc80d13e7194e45c5eacd924fdec983e952c24b72bacaedcb5cd84cc974935c2ca7cb137cf3f4ec7c804da7ef349be8284
SSDEEP

49152:3SX7m3nyHvKKPy7QoWRddBEfKNnPE4GAefImS:ia3yHvZPyT2uOGA6S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HAH.exe

Files

HAH.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ