e6739c170d8a3a9c3a8480f85e8137058ba5d75107a61a5078899197812db323 | Triage

Sharing

General

Target

e6739c170d8a3a9c3a8480f85e8137058ba5d75107a61a5078899197812db323
Size

638KB
MD5

d701882d6226843e2a525ba3ad0efffc
SHA1

beb341bff8657684ac0b58ff241d0195c672ab4b
SHA256

e6739c170d8a3a9c3a8480f85e8137058ba5d75107a61a5078899197812db323
SHA512

1e4ecd4526d247429337e41c5f4bdd422d45c64e63f65bbb42c08ac60801cee09a8dd1804be29277edaf71de2da8f20d1b30a5e4b4092e7d77af51882dae7632
SSDEEP

12288:Nr89XB/Vd56BKTqELIahkkkkkakPwJqLHkD:1CXBEAJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6739c170d8a3a9c3a8480f85e8137058ba5d75107a61a5078899197812db323

Files

e6739c170d8a3a9c3a8480f85e8137058ba5d75107a61a5078899197812db323
.exe windows:6 windows x64 arch:x64

80ad47f8be2e3f017736c4b45d5b366b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_i_r\WindowsPlayer_player_Master_il2cpp_x64.pdb

Imports

recroom.exe

AZGTMS

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ