physmeme[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

physmeme.exe
Size

361KB
MD5

d6edf37d68da356237ae14270b3c7a1a
SHA1

37fcdb2a0fb6949e710a7e64e181993fd4cbcb29
SHA256

d5f6f3242c601e85eedff04cd45947f7890e908e51c57f90521eed59c8088b4b
SHA512

01ce470a7d19fb9e139c038ff5dd30b6d85409a87b298ae9d3106b5e2ef8712c0d7fc7e4587886dee47db040033b9d2d591a0cafc0001461a0dc07338f0baa21
SSDEEP

6144:uFEE0IJwfawOmaDOEFI2FSCsPOjygLxkxweCyxORzX7rIh0uUWJZtwCiDMf+egqx:uFElvH+KEFLSvVAL7rqDtAIfiq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
physmeme.exe

Files

physmeme.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\rje\tg\k5ye\obj\Release\Fcs.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ