Debloater[.]exe | Triage

Sharing

General

Target

Debloater.exe
Size

1.9MB
MD5

4301442ba64f407a6177c74ab2def29b
SHA1

71375ce9c8c721b5dda90b4f06fd33985a70c16f
SHA256

0797c1c4dc5e6f7d2778f8ba0ea72981fb13af7052194f60df7ce5fb3b2b698b
SHA512

efdda092f7be0d037a6c2b81c10afcd51dde687fecd78fe514ab3ff0f3441649fdaec119ff1dc3d8d2bcd94fadf2bc98111b75d39bfe45ffafb61f04e057a746
SSDEEP

24576:S6MYs/z+5zz0Dc+OlHRZ2yhiGmYPaLMdcb9FnFMpMZvZGySR/HuAaA5uUmMuTD9u:SfDo2LMdUnFMjzHu6uv9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Debloater.exe

Files

Debloater.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\sledok\Desktop\Debloater\obj\Debug\Debloater.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ