Source: 6LYGpddoz7.exe |
Virustotal: Detection: 29% |
Source: 6LYGpddoz7.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: 6LYGpddoz7.exe |
String found in binary or memory: http://.css |
Source: 6LYGpddoz7.exe |
String found in binary or memory: http://.jpg |
Source: 6LYGpddoz7.exe |
String found in binary or memory: http://html4/loose.dtd |
Source: 6LYGpddoz7.exe |
String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/ |
Source: 6LYGpddoz7.exe |
Static PE information: Number of sections : 12 > 10 |
Source: 6LYGpddoz7.exe |
Static PE information: No import functions for PE file found |
Source: 6LYGpddoz7.exe |
Static PE information: Data appended to the last section found |
Source: classification engine |
Classification label: mal48.winEXE@0/0@0/0 |
Source: 6LYGpddoz7.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 6LYGpddoz7.exe |
String found in binary or memory: depgithub.com/docker/docker-credential-helpersv0.8.2h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= |
Source: 6LYGpddoz7.exe |
String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script> |
Source: 6LYGpddoz7.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: 6LYGpddoz7.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: 6LYGpddoz7.exe |
Static file information: File size 12568481 > 1048576 |
Source: 6LYGpddoz7.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x974000 |
Source: 6LYGpddoz7.exe |
Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xb72c00 |
Source: 6LYGpddoz7.exe |
Static PE information: section name: .xdata |