logon[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

logon.exe
Size

200KB
MD5

e44e2a6d0671e69309fa294ac31c742c
SHA1

8b53323565244c009c66db15852c89d1247275c5
SHA256

c2ed772b0b84790e98187db9718ea15df8deae70753cdc8f12b898a8054bbfd8
SHA512

773df28060130c345e1986237ee7db4e80557a40e8fb3003a18f1d8524bbaf8a0b9e83c91a266373581260cd1eb2e1de56b98af75b3ba43c1b4106cb7698a333
SSDEEP

3072:uLq7f0hslkps6tf5KybgMzIWefVmI3n2ybgMzIWefVmI3n2ybgMzIWefVmI3n8:I2B6tf54WQBXMWQBXMWQBX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
logon.exe

Files

logon.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\damia_de0etcp\source\repos\logon\obj\Debug\logon.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ