decoded-ray[.]exe | Triage

Sharing

General

Target

decoded-ray.exe
Size

22KB
MD5

488871cdf97f74d4ffe5c9be0a5cf193
SHA1

307456521114b3ffdc0cd6a6c8077babcdfd2166
SHA256

8780cf5af7e12a03884893de39c035849ec319eab0fc332e06d47390b9590b41
SHA512

52412a5ddcf1e34c5583f678c19b1dfceeb552a2da8d35af3a7c4ec6f3f910fbf9e8dd15a8fedc8f2e528320b56d0f82ac66597d35f0456a85275a55a0073ae7
SSDEEP

384:oQqzRI5dqUQIQC4C4SP3UeYa0x6haOjnybWzXvxrbZz23i96lsZiWKL:oTUrS5S3UeYaJsOjnybWvKOXI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decoded-ray.exe

Files

decoded-ray.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\johnh\Source\Repos\pwncat-windows-c2\stagetwo\obj\Release\stagetwo.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ