fe251ecc9fe9d12944798987f15263de6514800027fa3664d97c4006d0596cc1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe251ecc9fe9d12944798987f15263de6514800027fa3664d97c4006d0596cc1
Size

5.8MB
MD5

635404adbc0233bdb92672beea85bc94
SHA1

8c954ed3575a65ba1c08b3c1c2a8f6fdae593663
SHA256

fe251ecc9fe9d12944798987f15263de6514800027fa3664d97c4006d0596cc1
SHA512

a37b315c1ee6e97fa4ace37d490e4d34f21b13bbc7a69f24702a49322f80a719c60f5b860acf6766203c17b373a0742fad3add803ba36bdee4d74896b2d19105
SSDEEP

98304:vBeJKcJJqubZZTRvp5WWJ8QoWnB1ELxhdiVPTKgGVK9OOyM7cyOReIdY:peJKcJJDlZTFWWJoW7Kxhd6TXdD7OR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe251ecc9fe9d12944798987f15263de6514800027fa3664d97c4006d0596cc1

Files

fe251ecc9fe9d12944798987f15263de6514800027fa3664d97c4006d0596cc1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 262KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2.0MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE