40c658f5b3e7d9d7c17002420f68309dd353c652966d84f0ce3eed14fde5fed8N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40c658f5b3e7d9d7c17002420f68309dd353c652966d84f0ce3eed14fde5fed8N
Size

171KB
MD5

f6ee5f8222a5ce82ccf9730380941470
SHA1

683832dba84dafdeef5dda7a02fbb8348181930e
SHA256

40c658f5b3e7d9d7c17002420f68309dd353c652966d84f0ce3eed14fde5fed8
SHA512

9507733079f20bc055113a1a7677fdd987e39ab5f08e8fd324cc272437226988530c9443c6152812d72df062c2d1f25dd739d4feaf27aedfd9ff6b2df37e2550
SSDEEP

3072:hG5rMlaTgOidzLWvI+MgrqxNebArAntnU9cIw+cMYm09:hGySidW9qTCArAtU9sM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40c658f5b3e7d9d7c17002420f68309dd353c652966d84f0ce3eed14fde5fed8N

Files

40c658f5b3e7d9d7c17002420f68309dd353c652966d84f0ce3eed14fde5fed8N
.exe .vbs windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dokumente und Einstellungen\Krusty the Clown\Eigene Dateien\Visual Studio 2008\Projects\ECLN 0.3.0\OpenSource RAT Schäding\OpenSource RAT Schäding\obj\Release\Stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 225B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ