x-ray-malware | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x-ray-malware
Size

22KB
MD5

a1697b43f2182b8866a55803ed199d5e
SHA1

c453a32bbdbdb1ee66fcf2ccc42867ff45bcf28f
SHA256

8bc40450e04fe6b704eb6b973afed17c36160f55ac48f9a0b5b9034dd33157db
SHA512

4208b9c9641b0d9bfe725a68734709b7bdab14443936674fa5243e0f633a4c39066ad4bc40cc785288bb6022d4ca12e3b213eea0aa3e1cec1f61a86b1801dba2
SSDEEP

384:oQqzRI5dqUQIQC4C4SP3UeYa0x6haOjnybWzXvxrbZz23i96lsZiWKLk:oTUrS5S3UeYaJsOjnybWvKOXIk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
x-ray-malware

Files

x-ray-malware
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\johnh\Source\Repos\pwncat-windows-c2\stagetwo\obj\Release\stagetwo.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ