MicrosoftAuthenticatorDesktop[.]exe[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MicrosoftAuthenticatorDesktop.exe.7z
Size

1.5MB
MD5

622622956e2baddf0ca4140488ccdeb1
SHA1

ab86022295c77dd9c300923b6bfd0fa55c427c2b
SHA256

ef3bfff8c19c7c3a7fca38ce67aa5d2fccaa365311d541dcafdf6da4e61fbc01
SHA512

c70cbe67765ca0584cc847ea7f5726f07c4a25b22f7dd54d8e879f4bd86e970064df203d539d4bfd7227fd449d4d9f728bc2dfd1c624c0468cffa7ac960bf7c9
SSDEEP

49152:5cXuql7wuRYoaApNoxTYVnw+QClKVdH5S+eQ3dYsHv3ci:PqhxRYjMNown+ClK/5S+V2sP3P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MicrosoftAuthenticatorDesktop.exe

Files

MicrosoftAuthenticatorDesktop.exe.7z
.7z

Password: infected
MicrosoftAuthenticatorDesktop.exe
.exe windows x64

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ