OrsHCoYUts[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OrsHCoYUts.exe
Size

20.9MB
MD5

670e1d89c827f0f8e945b057bda452a5
SHA1

598807cea42e785115226ebc9a2d43331d98a897
SHA256

c828ed2c9541ff03a0f0e4410f9cd0cddffe54223962c98f12c6052bd2fb5777
SHA512

93da1bec7f05c7973122009df956d34b086073c2057a1e4bc7f89ff82896819f4d2c2412c1ff3356e4ec963b6eff5d01f9b5c9e94ee8a8668939719e62432a2c
SSDEEP

393216:EAGWCWJRTp28+aL5M0ElEwaPLlHUilTYmY7BSSm/EdVAV/eTeHYt:EAxO8+aLC2waPLlHUilLrlEdVG/oes

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OrsHCoYUts.exe

Files

OrsHCoYUts.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.5MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 404KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 83KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 88KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.btyn
Size: - Virtual size: 30.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.5MB - Virtual size: 3.1MB

Size: 404KB - Virtual size: 1.2MB

Size: 83KB - Virtual size: 164KB

Size: 88KB - Virtual size: 161KB

Size: 512B - Virtual size: 244B

Size: 512B - Virtual size: 488B

Size: 17KB - Virtual size: 41KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.btyn Size: - Virtual size: 30.5MB

.boot Size: 18.8MB - Virtual size: 18.8MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.btyn
Size: - Virtual size: 30.5MB

.boot
Size: 18.8MB - Virtual size: 18.8MB

.reloc
Size: 16B - Virtual size: 4KB