Primordial[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Primordial.exe
Size

6.0MB
MD5

dde6fc687bdf56ad770e29e85078f419
SHA1

d27d09346230921cd4a5d90c6b2ee0db9d548c62
SHA256

c2068c3560f1ab5b7e39fd238cd64948882ec2b34d35f69ffdbee3b370278d89
SHA512

0418eb26ce7a86c9ef6134691371051a16f7cbc3f1e1e3b4151f0b217dafbc5eaef8703c81359de443136631aca6e81a84be585a5464f8f7b3f832a709e9a6d2
SSDEEP

98304:wiKscnNZkbxF2JPKavhVt4GviWHAT4iKscnNZkbxF2qglbTf8p:T6LOIK+1iWHI76LOaZL8p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Primordial.exe

Files

Primordial.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\patri\source\repos\Primordial\Primordial\obj\Release\Primordial.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ