m03_01_second-stage[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

m03_01_second-stage.bin
Size

2.6MB
MD5

2dcd4321d66835c93ab639e0a815aa89
SHA1

b64d8ce65167c4aeb7770fd0dfff0731e277bfb7
SHA256

c1cdd7c48bfe05770693c121b8d8336d35742004b49e90d5bfe13afd410b662f
SHA512

2e5412f7cac2742fd18ac01d8e771b4ded2a7b03a89068ee4672ad2636edd0f516fb2edf5261f33f42f353ca7601d462524ebbfca4193fd13bbd518911ae2cb2
SSDEEP

49152:jSFsY3t92hK6U4dcS4a+9nmfAWMTkbJCq:cvio4d3u9nDCn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
m03_01_second-stage.bin

Files

m03_01_second-stage.bin
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\SxrNPBLB.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ