远程端口修复工具[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

远程端口修复工具.exe
Size

192KB
MD5

6e1a411ef13713a8dc3c4accce911fd8
SHA1

ed75b8b9c3a6363ec6e0df96319f557319fa4204
SHA256

8feba8f988be79ca210d15e37870365bf1dcff56fe2edc536293f4152601d4e0
SHA512

e54bcef3bf22a1901fcc998e34364f7ece1bbf92473fd742e2d95b02d95c8ba8eca18428b88d80ada0df4a190699f7ae8440ff86654f5a007b7d2cf1d34cbeba
SSDEEP

3072:MIRCzD7HrjMhEG/QN97tcxzD7ZHqCEwyrjMhEG/QN97jB2YojQyUj7glLbW1dKrl:9U8pQN5OuH8pQN5P68pQN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
远程端口修复工具.exe

Files

远程端口修复工具.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\study\z3389\obj\Release\z3389.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ