KING_BOTTLE[.]exe | Triage

Sharing

General

Target

KING_BOTTLE.exe
Size

105KB
MD5

5ee059c0e66dbcf5eaac208829cf73fb
SHA1

4582948195572f2ac0428bfd0cb1708bf7297d4d
SHA256

873b8992d43241a737721a289679e2c51e46ce705b5b74fd1df8e4062d7892bc
SHA512

5b6b543072c73ebcc71ab9c5da88a288df0d6e3cac4828e9627440768e5a52e8b7493cba7d4bfd6aee17158665bdc92cda3dcd5e3967d88495aed8245c155cdb
SSDEEP

1536:/cp9JeddKdZ9JImr2RF4a9ZhH3D3LKvGHsmt7y/gXqzKUJC9TCw0llAnJ:12jlyRF4a9ZhrIm9qHJC9TCw0bAnJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KING_BOTTLE.exe

Files

KING_BOTTLE.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ