FireWall[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FireWall.exe
Size

776KB
MD5

53164d7d933cb6630060856ba3dcd78b
SHA1

8b4d8f6ccc73106e2f6187b96b09a95fd8bb9375
SHA256

27e7a17ab7888b5435ac406a198bb915c2159d688e72b350101866db2a180088
SHA512

092a5099dc9d7a4dde604737430292da186f6f9709fadef9fabf25ff1a6fc7aa2690e4a6071491350102b426fac1517a7793e18945890b3dc31e6f101c79e913
SSDEEP

24576:OCMa1P2hLrdepwaoWpppa1P2hLrdepwaoWppr:O+N2hLrdepwaoWppMN2hLrdepwaoWpp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FireWall.exe

Files

FireWall.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\fmart\OneDrive\Escritorio\GUI-based-firewall-Controller-Windows-master\obj\Debug\FireWall.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ