4ff658db288b5c6c495db1e48d9d2410N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ff658db288b5c6c495db1e48d9d2410N
Size

6KB
MD5

4ff658db288b5c6c495db1e48d9d2410
SHA1

091d5ba0a9138c91a07ea57bd889a562b3838ed9
SHA256

b74ddd16225dc504a0af35255af3589c3289c8242e4af91dd3d6ad365d58c3a8
SHA512

45e76a839eff9f061f7a4a605b1af16c5713df7e98e872c13d03810e7618fe8e9999f660ce76f6aa55302f64827442241addba7dbc3db2704e9ff17dd5514693
SSDEEP

96:LoR1bP2v8wdROMuHgLIlRThPCKcvLvwzNt:Lo0dRGgclP90TS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ff658db288b5c6c495db1e48d9d2410N

Files

4ff658db288b5c6c495db1e48d9d2410N
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Tools\osep\scripts\shellcode_runner\shellcode_runner\obj\x64\Release\shellcode_runner.pdb

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ