attached PO[.]exe | Triage

Sharing

General

Target

attached PO.exe
Size

687KB
MD5

58c75c0c7af1046ac9db4f446765f213
SHA1

6409a5dcd59c36fde2cddec428f22286bd4dc3b0
SHA256

b0f1c4f3d4d3dda1a8c8ee81ecbde9a91fa3923058c13ac69dc572193252e0a2
SHA512

e557ae7f1e5d5fb8d5a1cda4b15de2873d1a49d99b41d2a9f5a2da1ab7511dcc6b512180e3dd1cebf42d042efd953edf32960e3ee29aa1957e227da8694a670d
SSDEEP

12288:AlLyWa+k0NoZzDHVZpPpEmRYlNqWQd62TMd5LfyuvGYec:Ok0WZfXkm8LQUbBN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
attached PO.exe

Files

attached PO.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tKLg.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ