Empire BR[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Empire BR.exe
Size

1.6MB
MD5

55157655daf10aebfd0156be2fb4a4e6
SHA1

feab684b183b5a445e200c5b97e6a878cd43f887
SHA256

2dd09d6952b25595508e14d31b0da14eb7da0296aebce02bec6bf65ce8671201
SHA512

01b27178fad4cb0db79b9966c4826f6d7b7d9ba3669cbf6a0dac968798c3d4f8b3dc731b6c840c43ba78a9e9be4c1db98ac9845e6b1a76e6fceffc60f09eeaf8
SSDEEP

49152:b6eWna1BAsO/vT+/UolYzRY6eWna1BAsO/vT+/UolYzRzDP:WeWbsO0UolYd/eWbsO0UolYdzDP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Empire BR.exe

Files

Empire BR.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ