jm5a8zk[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

jm5a8zk.exe
Size

180KB
MD5

e9690e31f91ff9f2f9230259e5b7e224
SHA1

097248dd6f2810862935a80eac565ba1b9b8dd42
SHA256

e941f5a30231bf8a99ca1a9ad24645f78f0c9add96ea1e06c18b372fd57ba132
SHA512

f478c54637318215ef2816fdbc7b1e43146d92bb9cb6182337be1d53255a7d79bf416b9f14258df582b1bda30228cd85bcddf2be2d0a82cc05a661c597732c7e
SSDEEP

3072:BhDbWefdEtbAvklCrA56tHdpUI2nv5xzpCEtbAvklCrA56tHdpUI2nv5xzpaM5rw:Hatnl5AdpXILtnl5AdpXIkM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
jm5a8zk.exe

Files

jm5a8zk.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ekfni\source\repos\WindowsFormsApp1\WindowsFormsApp1\obj\x64\Release\WindowsFormsApp1.pdb

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ