9QENHrOITU[.]exe | Triage

Sharing

General

Target

9QENHrOITU.exe
Size

2.5MB
MD5

0ec4b9b5f2c28fbf2492589a344b8664
SHA1

ec46f875687fbddf48290fd117a40750d510c837
SHA256

eb8966926eb86c0b7207bcbeb56a8540c88f3b4c002e8778405fb16c645ef286
SHA512

95e047410b7ba7a8f929e9d9bec1b7da87c863094651f65b5940d7217faa0101316d019e1965f82ee2cdd7d4004b08f2169a5bf5d9e42df57dfe344f4f24e7f2
SSDEEP

49152:8qlpNm4Bp2nYepwO931BH779cAvWodI2AezUBTwkVZi9QyLdmeDR2sbP+u+S9G+:ZbNzp2RlXveIwNEeypB95Cu+S9G+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9QENHrOITU.exe

Files

9QENHrOITU.exe
.exe windows:6 windows x86 arch:x86

2fa53ed9dab67c2a24c9c12a69397a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadImageA

ole32

CoInitializeEx

Sections

.text
Size: - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.&u,
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.0c{
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^s,
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ