19618db8c8d4d6573828826d31b16660N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19618db8c8d4d6573828826d31b16660N.exe
Size

904KB
MD5

19618db8c8d4d6573828826d31b16660
SHA1

c23c6756c8c1ead9710cc5aadfc9707bed435af5
SHA256

b8b8372734501609ca130e73f444b81e1db074d82526a387c1166324dd7d47ff
SHA512

02d56b05cd998a1742e5513503183980d8532d89b85b6755805bfc6b9a97d9249e7568aa9ea5c2f6924b66054f174483b929dc3f585c3665da4ed9be523da330
SSDEEP

12288:sbhnmta5UML9rPYQ7UuHyrAuc8JkNkWRb03p5Krph27hnvVNizCy:sbhM29rPYQ7UuSrmVle5M27xvVkzCy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19618db8c8d4d6573828826d31b16660N.exe

Files

19618db8c8d4d6573828826d31b16660N.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\jenkinsdata\workspace\pctool_1_11-webde\SyncDotNet\Branding\Branding.deDE.Web.DE\obj\Release\Branding.deDE.Web.DE.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 902KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ