mesquita_protected[.]exe | Triage

Sharing

General

Target

mesquita_protected.exe
Size

11.3MB
MD5

e5c8cb67b695bb7d8caa6c7884ee9f13
SHA1

c99997e430a38fc9101b1fa311e6a6022f4bed6b
SHA256

0cdb7065b5a3c8dd36eaa42969722cbfe295d7a9366f63c9acd9bc17cd90a182
SHA512

c012511b396f7ce3283e48209c260007569b20c4bae50df17f4d0c1a8e4425d6fd9ad3447f56e52b02af5339343466c131d38b0b363d5ffdbdee8952296385e3
SSDEEP

196608:5TMleb5lnNaJA7xIzIBnr8QTGrDtB7wCiBMJZj+oSpGgSIkQKgAPu1Ft:trbrnQJAFIzIB9G9iFMf+oSkgBL1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mesquita_protected.exe

Files

mesquita_protected.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.spoofer
Size: - Virtual size: 15.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ