wfilmorav13-zmco[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wfilmorav13-zmco.exe
Size

38.0MB
MD5

3f858542aa2e110cf5af6b4eef4feaa3
SHA1

1345627572c04b9f78dcec47077dbfa00e4e6d3f
SHA256

dd0fbb92bd62845ff9029052b3056580d7ee45c64d77e6af0273e3cce090b89e
SHA512

c0e9224fbcbac5b1035ce2664362198988cb848dad5191d3e84eb5bd15baddd839463d69d2b27dc20529f929bd6c36f272602d0f6e852f51569c57f4c746ae62
SSDEEP

786432:wJ4GOSeG3Kfl8OcjJHVOLmMHryc/DN2Jf5Fpn8MTLAspqTK8vfcxLco:/GKGafvAVam4hIJKeLAspqTbvfcxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wfilmorav13-zmco.exe

Files

wfilmorav13-zmco.exe
.exe windows:4 windows x86 arch:x86

Password: cgpersia-zmco

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37.6MB - Virtual size: 40.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 312KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE