BypassAddUser[.]exe | Triage

Sharing

General

Target

BypassAddUser.exe
Size

8KB
MD5

201ebb467e02e63242ab4e0a21576f52
SHA1

8c04afc6607f657f3c66ebd104a38e5105a4bbeb
SHA256

f49651f69f442cc4e54941b1bbfa53c3bf2680e889963dc1e2b3e8cb82695b09
SHA512

50c96941fed65237dd112a179c462c826e86d872b34c3ad0282e8ba97012af62cc1bdb36babc4fc31abfcbb8b6ac010d164df8349e1ec049abe6aa15c5c27aaa
SSDEEP

96:qMo5rl7KQ2mhmazKA7W/O/z52OLD3IPZwl/LUOgof+tDE+hhezNt:To5rleQ2msarMO7b4OxozTBE8m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BypassAddUser.exe

Files

BypassAddUser.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ