eGPvLeS4yrLoTSlG[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eGPvLeS4yrLoTSlG.exe
Size

1.4MB
MD5

b52fc22a484fe0734888cefec9f68bb0
SHA1

d9a662cbfef19fd9fca979d6fae9f74653123d74
SHA256

21eb8492cff48831222782618fba4406d50417e5e1fd24a0653aa5627f6494e4
SHA512

77df08e0abfed3d224d3d0e92a8caa38a181f3c5ae628fed55f68825aa65557755166ff935c7225959286ae8c4bae219066c607d0f0c1fee15b74ebdcae43dec
SSDEEP

24576:PSXx8UUb9hwRqVE4ICWC/PzZZ20e/wlZfwCuFAKOazcBUvub+ndVtuo0l/:PSCj/OquNCW+9ZZe4DwCkAnUg+nde7/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eGPvLeS4yrLoTSlG.exe

Files

eGPvLeS4yrLoTSlG.exe
.exe windows:6 windows x64 arch:x64

02ab29e4f8baf6c4b4c8a3c2ab7511f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA

advapi32

GetUserNameA

shell32

ShellAboutW

user32

GetMenu

Sections

.rsrc
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE