fordumbs[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fordumbs.exe
Size

2.8MB
MD5

2db11d510fb5cb77272a0cb191fcf6cd
SHA1

82bbf4b0b2d88279f9f340b90edf1846cbb9adb1
SHA256

b74e454c3c6af5cff2fd2661e816f26ccc474f183ad493babe14e26d1990e762
SHA512

c927b39c252b6b255c777e8c61fefd80a08a659155a5c5a35d33078be4ee222a92019fec18e1967cbf58a5bcd8730c6c323df2208ad3c781c2f42b91a577b42f
SSDEEP

49152:omRoRl2T5UfQxXxBKXJZ+2hksLECPotWB089SBEw5/yW5/gHVVeFOwB34vOSXq:PoRl2Kfgx4/hksLsWZgBE7e/gLeFOwQX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fordumbs.exe

Files

fordumbs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ