sigma[.]exe | Triage

Sharing

Reason

config extraction: Skuld_v2: pe: invalid address

General

Target

sigma.exe
Size

23.8MB
MD5

7b3b8c7ad73e483139127a259eedb39b
SHA1

8c8951d762a0cd2cdb6cc7ba3112d069fe95a4ec
SHA256

8f9b5cb5362dcbc71f288d310a67b65957a18e83c660078f6d32056a6077c7ed
SHA512

a4d1f60e6bced99b36f5057748ea1515eeccc7d4b1e64930063748c280c8f392962b079ab321e53cf8a366f1dd48ec79f28149a312e6d577f3cc3119d24c4056
SSDEEP

393216:V52BpDr3fdoc+5my5krGTONk+SBw7MSM5lMVFoga:b2Bp/7+0yBuk/BwJMzmFoga

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

sigma.exe

Files

sigma.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ