8700ba9bdbf5457a27a7651fc9a0d66b[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8700ba9bdbf5457a27a7651fc9a0d66b.exe
Size

10.9MB
MD5

8700ba9bdbf5457a27a7651fc9a0d66b
SHA1

2180d3d22e21010131e7558e47f98f796a39675b
SHA256

92491612cc018afb80b2acaf7ef1a29546df39e0288f92e4524e64a216f302d2
SHA512

ee53a5cc76af5ab7bfddeef2bbec9585157f5405b0ace91c58fde37d1a511dbae463ea6944ea36aa461bcaf57f6d0293ece9ccbe9bdcf281ab224cd7696fefd2
SSDEEP

196608:taPnVyfJzXtBcda7nzo7Vd8qQQY1CPwDvt3uFGCCvchz+xlXnwXAaGueVWGJ:4PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRM

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8700ba9bdbf5457a27a7651fc9a0d66b.exe

Files

8700ba9bdbf5457a27a7651fc9a0d66b.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14.2MB - Virtual size: 14.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ