ThTVTw9[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ThTVTw9.exe
Size

224KB
MD5

f055df9d6b1ca7b6bcf11b035dfd5841
SHA1

a54aa8032a43fdeae3c8af05c6ebfffd289b7078
SHA256

58eb61124de29473d6d28a92aadbffa8c4b615a94f20fba6ac2061c26ed41cce
SHA512

2bc314732883a16fc5dab4a3aa07f4bb0ca171b9df27218d30a0f89cc22f01bd948a80cee71849f40e068147731cfa5a9184268664d2561e99760bb4ac4d5278
SSDEEP

6144:vo0PoGi+jxoEMCGH/b6wCbellGb50Esb3Z6UZFnC6IL4NL1Xcq1VDfo9205iAK9:vo0wkoSGUKllGb50Esb3EUZFnC6IL4NQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ThTVTw9.exe

Files

ThTVTw9.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

a)KN^)8
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ