x-ray-orig[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x-ray-orig.7z
Size

9KB
MD5

b83007f5f8ba01160eb80a261383141d
SHA1

25fbdd83f57c04801a11650604bc2dcf08f9dc62
SHA256

80ad61b4884b769cd62e17d7cf88362b136af1c1a5e1a1badc68bc1476cdeb3a
SHA512

9412c33d9f3be60349b3f3c208fb9e67961df6d79b43857c33d84e4f66b473de5d0a5135f896b1fd189c3339249744cf009580707a381bfa08cb31466cb814c6
SSDEEP

192:RQQTxav4wGNs3rC8Wv7IBAQ1N6NaHazDb9et3Y33:R9xU/0s360BVrVKb9eNU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x-ray-orig.exe

Files

x-ray-orig.7z
.7z
x-ray-orig.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\johnh\Source\Repos\pwncat-windows-c2\stagetwo\obj\Release\stagetwo.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ