b6d17c005834466197d499f5312c6295bca0d964f628a84d75d70ce63ae2298d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6d17c005834466197d499f5312c6295bca0d964f628a84d75d70ce63ae2298d
Size

592KB
MD5

4b47015d2156f31e7e3c4d325495453c
SHA1

3b4b0dc24fcf39d9d7cc4cd9a95f6f202876b7a3
SHA256

b6d17c005834466197d499f5312c6295bca0d964f628a84d75d70ce63ae2298d
SHA512

147daa2717c40ab088ff131ecad14b1cfdd72e1fead0a387e63d113bb3658fa4e8349ed58444b5b405f32aaf95d60f4abc14a167b43ab44f227072ad8ebe15f6
SSDEEP

12288:bi8ph0qGAZlxv9oPGF+thjqthDGUNmM3hqn6ObRHZQhrnGdAEprIY:bfphLhoPWaMZh+6OFHZQhLEprI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6d17c005834466197d499f5312c6295bca0d964f628a84d75d70ce63ae2298d

Files

b6d17c005834466197d499f5312c6295bca0d964f628a84d75d70ce63ae2298d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\20121207_tr_r3609_RoomAppPlug_Note\ChatHall\ReleaseU\ChatHall.pdb

Sections

.text
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ