bal[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bal.exe
Size

315KB
MD5

4003334eb39d0bf97af6c36046f76348
SHA1

1e97a5a78198ddcd1a48043fe6ae5d5d6120c1ea
SHA256

50f626ecb3f2fe4295721eee4dfd7a3f24e334776957987168568236e975a5e9
SHA512

f2e091cc6c4cc39c3bb37d54284f0d89882b5579e01823cf4a20d6c5a261e9bcce8b61e2d398186054e3aa6350443c5a00baefb902752187ef2e5ba4e16026a9
SSDEEP

6144:rUWIiAKbOgLE87WC4lLpccWa44osTBFf1z34TphOwdO6ZTunn0azX6E:rxAKqg3DIlc3jszfupndA/6E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bal.exe

Files

bal.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ