Zerus_Bypass_Emulator[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Zerus_Bypass_Emulator.exe
Size

909KB
MD5

87916f578d8f6259316fe23300bab833
SHA1

dcd6e791f965514c2fc5adf1b6721d17c9f3279f
SHA256

c41abcd2543d2d2df32d92d7634b362c946ae96f026c41f5542edf4dac94c1f0
SHA512

efb106b4486a674840de6e2b4381f6e7180920129b2796662e05f7e3a9358dff8251bdb3b35df2fc36c2c44ef39a9a3b7ba252351d900bcdeafdfe7ebeae95f7
SSDEEP

12288:aI0dilAAl/O5kW32FW8xi5QoF19ieGKu2r1jnUlL8brbhklJrvFR2rfafLBdt+cE:aIIi2UN+2Rxw9QejuynyTlNt1FbIV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Zerus_Bypass_Emulator.exe

Files

Zerus_Bypass_Emulator.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 903KB - Virtual size: 903KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ