VrfsEcFwGf[.]exe | Triage

Sharing

General

Target

VrfsEcFwGf.exe
Size

322KB
MD5

b3804c46269ef2690eb70a75ef21cdc2
SHA1

47731b2198c07d82b68eaab2cb8b4e968f15f160
SHA256

294bfa9b30bd890eb2e7c633f9195d2723f5703117cc3928ce072a035ad7064e
SHA512

0eba88264a0b27e3c092064dd28f80c5e3b978177183953bbc5b27d186fd3883201943a6c96ff0b8039e281d955e7d62189d09724677833c641e013601e7529b
SSDEEP

6144:+BznSixfdeTyHpD50AxlkX66u45YflfA0gHMYWTd/Kea/VPiQp2nOPEaxHU:+gSdfjxmX6L458lfrY6wLn2Yg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VrfsEcFwGf.exe

Files

VrfsEcFwGf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\dripz\source\repos\VapeLauncherRipz\VapeLauncherRipz\obj\Release\VapeLauncherRipz.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ