DeadMother[.]exe | Triage

Sharing

General

Target

DeadMother.exe
Size

188KB
MD5

be20362899c63a2e226cc67cda7f5424
SHA1

7291bd20881b9c783cd351a260126928b135234d
SHA256

5f3f4a9cb621d8d2f2fd43db2c26c015dc5ae3511642932ccc0445a894c6cb13
SHA512

47db99b76c62fe3fe69162bd4f2457da6c4302cba778a44190b048755a9220394c0dd6284555b271f69eca72782cce39324e37999ad1f2566de351bedc47bdbe
SSDEEP

3072:8/GAsDv+B0CYK5TTYiNvWTBog9yNX9+xCXDXxU4TUEJ9DRM/EiTeHq1c5YTZ5t1:8/+DvsRJ1Yioog9yNXMxCTBNJ9DRM/EO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DeadMother.exe

Files

DeadMother.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

AQx&k
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ