rlgh5walrVUMJyT7[.]exe | Triage

Sharing

General

Target

rlgh5walrVUMJyT7.exe
Size

802KB
MD5

420361f15c6b5f83e2116a38dfc30be2
SHA1

667f02f4d72f15699a3438a48fe1a04b6d739332
SHA256

ca24c73a0f1820042d015e2d96c97c08a37cda6cda766e609f9e33970f269fee
SHA512

fe7159d8e78def63fd2dfc769277fd85ed6b65d21e2aada052304630af3a9746d007c924b03ce370e016b77ac61c465861b9e598acc5f08cb5f9dfd592f64b97
SSDEEP

12288:5OBUrzYDpGDWN74lZK6Jp61c9ZUBYJxnPN9/vs8:XXMpGy7GZK6JRZUGJhF9/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rlgh5walrVUMJyT7.exe

Files

rlgh5walrVUMJyT7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

oXGUQ.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 799KB - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ