Espense[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Espense.exe
Size

572KB
MD5

2b271252582156e43b14aa1409799b9d
SHA1

c413a9c873a3af0383c712d6863d048ee5afc4fe
SHA256

e09f415195e972551c2662fc1df76e3b5232f97d67bf3ecdef6bf18be102c6c9
SHA512

290a265dec48ad1172878a016bb2dd4ce76dabc7ce66ad6137d805a22e6b3ccb715a29f1a76ac5450b84fe403f0e3a4b00cb4a5cea64d0b54c18bef4d187bfc5
SSDEEP

6144:09/C1lSvBRWS4hEl0AiM9IfZxhDywTFLGyxKgYpvj4NJRX4qoUkZtIyKOP92f9pP:0Aur8I0vFMr4nR4jUAqbQwpn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Espense.exe

Files

Espense.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

B6i1[:pB
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ