FireFlies[.]exe | Triage

Sharing

General

Target

FireFlies.exe
Size

748KB
MD5

860fcfb2215baf853a832034e9453a7d
SHA1

ae2fed6c23d1c9f409ca7e2e47e154582519f04c
SHA256

b015b400bb4697f7380a3282cf945a3d16a31a8f75668afdf0acd5b70adf2d02
SHA512

688aab0781c51e2e18b64e870ec3e70cbfd1353934ede3bd8d8ce66183c621a40129496dae0363350e74db291c252749806a98c18b705dcfd4f5edf3c5a98a57
SSDEEP

12288:nZ5XIZvKtjSlpzQ6cxBD0eDr3rPq5XIZvKtjSlpzQ6cxBD0eDr3rPIFRVR/:nf6vMxBDBDvPY6vMxBDBDvPq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FireFlies.exe

Files

FireFlies.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ