downloaded-software[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

downloaded-software.exe
Size

10.5MB
MD5

09967d0414d1d6b5067e97545c69de5b
SHA1

4eeca30c47b2f0a2992edf6459264965a27ea8ca
SHA256

c3c5d6c758f2a99aa04cc6052fe9dfffa100d595a4d4aa2f46a564706a05db45
SHA512

cffe2f88dd50b26e0ca0f6c7369e18a6ba4397df383e88398c4de0a0d2b7b588a8cb203669140649b3a51ad0721507e009fd6f0863d37f427a89e394e3e6c95b
SSDEEP

196608:ZiAhAUINuOLS8G/39h+zfM2wH0gwQmPNZpW34OB8scLNBAg:xhArsb//H+zMVFwQm5WoG8hj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
downloaded-software.exe

Files

downloaded-software.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

KygP}^1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

KygP}^1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RiMZoKGo
Size: 512B - Virtual size: 22B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.????
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ