pc_ | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pc_
Size

12.4MB
MD5

3586b224a5fe8a8869696d4db5486821
SHA1

1e36bc0aea172e2df390fb911e7a64232d7c3890
SHA256

4a5c54274d72f7d44c8d0eaff00f9b05779a26621e70d9fcd7e1222f0918e7d6
SHA512

565cdae9ce915a656cabe8ae2795581128600b4e921fed925dc9f573377c16519ce241973da8a77033f262c3b64981dd81afa981b2c47b7cb02a171d4ac7c499
SSDEEP

393216:jimQw49aa6n0wvNcjiKnUf9O+j7pdCWSapqx:Rm9avntvNcjiUUf9OKpdCna

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pc_

Files

pc_
.exe windows:6 windows x64 arch:x64

fd8256a97ace20fea13d55484588685c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

ReportEventW

ole32

CreateStreamOnHGlobal

oleaut32

CreateErrorInfo

user32

LoadStringW

shell32

ShellExecuteW

api-ms-win-crt-string-l1-1-0

strncat_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-convert-l1-1-0

_atoi64

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

asinhf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_unlock_locales

api-ms-win-crt-filesystem-l1-1-0

_wrename

Exports

Exports

CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics
g_dacTable

Sections

.text
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CLR_UEF
Size: - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Section
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ykwe0
Size: - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ykwe1
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ykwe2
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd8256a97ace20fea13d55484588685c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

user32

shell32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 6.1MB

.CLR_UEF Size: - Virtual size: 221B

.rdata Size: - Virtual size: 1.5MB

.data Size: - Virtual size: 127KB

.pdata Size: - Virtual size: 216KB

.didat Size: - Virtual size: 56B

Section Size: - Virtual size: 8B

_RDATA Size: - Virtual size: 77KB

.ykwe0 Size: - Virtual size: 7.9MB

.ykwe1 Size: 6KB - Virtual size: 5KB

.ykwe2 Size: 12.4MB - Virtual size: 12.4MB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 6.1MB

.CLR_UEF
Size: - Virtual size: 221B

.rdata
Size: - Virtual size: 1.5MB

.data
Size: - Virtual size: 127KB

.pdata
Size: - Virtual size: 216KB

.didat
Size: - Virtual size: 56B

Section
Size: - Virtual size: 8B

_RDATA
Size: - Virtual size: 77KB

.ykwe0
Size: - Virtual size: 7.9MB

.ykwe1
Size: 6KB - Virtual size: 5KB

.ykwe2
Size: 12.4MB - Virtual size: 12.4MB

.rsrc
Size: 2KB - Virtual size: 1KB