617479_ej6hOo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

617479_ej6hOo.exe
Size

22.7MB
MD5

1336883cc78c2270042bffda353231e2
SHA1

cebdfc74267fa93b5dff174456c3fefb0acd0167
SHA256

e13a41b0a1762041c8be4263f08c8f6aeab33d1a049455ac8a3fd57487b636ff
SHA512

78997561040315d9547741e19818092f8c48deb4a3542dcf0f2b2f6238ca70b43c539473e4863f2f11709b888a053da7c687fd0f2197a35b73fb87c021eb2f65
SSDEEP

393216:3FrRwIi2C/F1KFwu4/UwZRvBjseYZ6jEJOXqeHfX9NUTLuAbf2fN+0eOMPJZ2F0G:3Frnl+1O1zwZ9Bj66jUOaqtWTLVbW+0O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
617479_ej6hOo.exe

Files

617479_ej6hOo.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l8yr5a
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9amd
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fmt1
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 445B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ