Medal[.]exe | Triage

Sharing

General

Target

Medal.exe
Size

156.8MB
MD5

044a9840e86d357ee1af34b6edc69691
SHA1

cfeda270a6a549d3d6236b26856de6c00dcf9757
SHA256

efd47979f7ea234efd296e6c8e13eaf5b165214641305d125192039a70f97174
SHA512

ceb927bf5537dc32d95742e5cdcdaed6eca8a73f91e44499287d71ab96d60ebf3c4bd11533ff47543c8431221e4d575a62a4a83795c0ad10e2ccca9e16ce745e
SSDEEP

49152:imWUbpezrZ7ovvJjDaOyL70nS4pfVkqgy6r3ajMrBm6w30Ii5IG95ZVrxONw1IDM:imBpMlavJjDax7K5JEyUaQdmDDVmBp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Medal.exe

Files

Medal.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 127.6MB - Virtual size: 127.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29.1MB - Virtual size: 29.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ