MsMpEng.pdb
Static task: static1
Behavioral task: behavioral1
Sample: f0018760.exe
Resource: win10-20240404-en
General
Target: f0018760.exe
Size: 8KB
MD5: 362f62e56464e89817d521d9885691eb
SHA1: 1b304e0212f7ba35a22585e7b542c8333da46a85
SHA256: 4b8039836c6e8701f3c97e3c628e2db04061135ac7a13df0546b0f6fd460f1cb
SHA512: c396b9bc57ced52b3a8d363a9ddee37dbab913731c8c8b7a551930b3ca0dd70675c72f9c689e4cdb9973a148a7d6574729f7f0a4ab84de01701cd6122f085c2c
SSDEEP: 96:1X/1R8YUEdBirFCKtA2KdFKFlgk6DUoJ52QxMZc6uW07s:9T8Y5dUxCKX4Kg5DT5/6uWWs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f0018760.exe
Files
f0018760.exe (tags: .exe, .js, windows:10, windows x64, arch:x64, polyglot)
121f8912a67e9da4738bae806109e4ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
mpsvc
ServiceCrtMain
Sections
.text Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ