SpyNote[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SpyNote.exe
Size

727KB
MD5

48e1bf0b6df63a18187e57348b06ad7e
SHA1

605402f1d2ce5a04dd205412ab9edd8f90261967
SHA256

8e154ba521608bcf09bba26189e9e1bf86cae70ef7f283579518a641a0ea955f
SHA512

54dd1dd4d9e2c7a849fe7576f66870978153976e05b029246ebdf8ae43a70a390c9377296d34dd439530609a42047d8bb8cf6be9a1bb7eff9c4e9d91f5041233
SSDEEP

6144:Q39tSgm4Z+0iwarEl7hN0pQPXegq1yMX3Uhq0rHg061pXsml7:QNUgm4Z+0dFl7hNWEXegMMq11

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SpyNote.exe

Files

SpyNote.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ