fakeav | 19a24d0c881b7d71342af177edcff725 | Triage

Sharing

General

Target

19a24d0c881b7d71342af177edcff725
Size

560KB
MD5

19a24d0c881b7d71342af177edcff725
SHA1

5d4df9615939c1b2776dad563960fa9b67e2c953
SHA256

df11dc4ae6573a12fe4634575d0ea1f47d487a12729a7ae92c86bf62f9b4b21a
SHA512

bb0cbfda9711b40d9dba5298c838157e5e79be41adfd7930f83349cbb9d5d0443037aa162213fa129fbe50a05e975925e6c48499ebb998526f704f412360e73f
SSDEEP

12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0djh:n67MnVnpA1lmTx8MmA07AaSuDSwdd

Score

10^/10

fakeav spyware fakeav

Malware Config

Signatures

FakeAV payload 1 IoCs
fakeav spyware

Processes:

resource yara_rule

sample fakeav
Fakeav family
fakeav
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

19a24d0c881b7d71342af177edcff725

Files

19a24d0c881b7d71342af177edcff725
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ