nonagon[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nonagon.exe
Size

23.4MB
MD5

e7864303eb73393eaf5033d3457cd339
SHA1

ac559c41d3f6f9132e99d11df47813929ed3c3dc
SHA256

c9c0816129ebe76bfd0d6b5088cb936dad1d2c021074e3f248b40b46ea76d733
SHA512

c54766aa70047c8928e0990cf48565389e6bdb7ab9f2f480eb2823c90f11f9a6eb212ba29df63461813eb6a530320a5f79472c68bd3b938b75f2776e7de61341
SSDEEP

393216:mIHjWR1dDMpsH2E36clSPbM+B0g07C8lS5yD7jz0k+/vi7KpqUdBfFpoMz:o1d4deVlSPWgduYsov3i7KFd1F2M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nonagon.exe

Files

nonagon.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 22.3MB - Virtual size: 22.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.$GEFE*W
Size: 914KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE