fed7384a161430f943366358132738e0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fed7384a161430f943366358132738e0N.exe
Size

50KB
MD5

fed7384a161430f943366358132738e0
SHA1

f632019e0667303ab6186839d001904a0ae646cf
SHA256

e69a9337d13e90aca6810e4c3746b771c69f676690976c2dba6f4b45cf068abc
SHA512

1b741023be6840c53ccddb45dcec1443dd747ed85101c960ea1dfeb8a54d3790b3ee6e648b278e724cbef4fd4560844984292422337b2d7bde986b44f2aeac60
SSDEEP

768:GPOALzklgYfl/hcRy8iWJbJLyUbL7HNspKjy0PTu5:GPOKSD0JbJOUb368Lw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fed7384a161430f943366358132738e0N.exe

Files

fed7384a161430f943366358132738e0N.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\Projects\Snooze\Snooze\obj\Release\Snooze.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ