NovetusBootstrapper[.]exe | Triage

Sharing

General

Target

NovetusBootstrapper.exe
Size

983KB
MD5

9fefca2c9fdf91edf4447e080c9d0a23
SHA1

a88922af04fca58017265f6414ec2a89dcb032ac
SHA256

3f224dbffe53a5eb82628dab0f874a0157aba14427c01c28185a1032c70515b0
SHA512

2dc9cb61aad39d66f1ca7be7111f2d7142bd137931dc69080e76e1161a39f0ac3bb10c67f2629234aae3cc8fc2096bea4ebd0b2b1fa97aa77c52dcc89cb1e517
SSDEEP

12288:yVJ4acTjQOzk+xdiZ7kMRCyeXLBqo8MP3cY98pedNOsx5v8u8By2C4ax:CJfiQOA+x8Z7kMiZ/cbkNzTEu8BAfx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NovetusBootstrapper.exe

Files

NovetusBootstrapper.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ