Spotter[.]zip | Triage

Sharing

General

Target

Spotter.zip
Size

23.9MB
MD5

f8d4d80971da76d42659428eb6859228
SHA1

978cdee2903a44d5f330204ef992dbf6269adf1e
SHA256

c1ce2e4363fa6eeed81d32dae338ebcddefea22d484b30795882f52a86c4fd0e
SHA512

851506fbb8e651f3cb8798ac459b823542722b7486272ad71c473cdf976c0424293f1c94ab987afb5d7a54071b8291bc77693ec4ab40b5e40f921c67ab98cd39
SSDEEP

393216:H4zUFag2wA3kWoGhbZV9W70ZNsRHztISaUHysd4+dHXOdGTUcCTKmSH:Y4+3kjGNZu0ZNkBIS9H14+deKUntSH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Spotter.exe

Files

Spotter.zip
.zip
Data/key.cio
Data/settings.json
Spotter.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25.6MB - Virtual size: 25.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ