5136d50e9f81ff968711ba86bbcc8490N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5136d50e9f81ff968711ba86bbcc8490N.exe
Size

110KB
MD5

5136d50e9f81ff968711ba86bbcc8490
SHA1

81eabb0f2e5b3001fb408c1a0b299e63d4f6bfe8
SHA256

37494844f95ab186d77b9fc9820d2aef63eb10ba5c6080bb731c3184e75c02f1
SHA512

94ae5e66187827b9479ca31f87c4ed15ef74cd14ff47c931acfa5d0946a7bb6b8ceac396b6e7e1f61669b58e5798f18da36e58aef997850cc648c404279e3181
SSDEEP

1536:AotdP2Ex0GscaaB9czWo9IWLJSftuN+0o6vuFEBmwV2i+CQ:AotBGGscaaBGqoFJKC5o6vuFEBmfJCQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5136d50e9f81ff968711ba86bbcc8490N.exe

Files

5136d50e9f81ff968711ba86bbcc8490N.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\cmoor\source\repos\ReservedItemSlotMods\ReservedItemSlotMods\ReservedItemSlotCore\obj\Debug\ReservedItemSlotCore.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ