BetterClearTypeTuner[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BetterClearTypeTuner.exe
Size

49KB
MD5

84156bf0022f7a5001492419067a7ceb
SHA1

0220a4a8006b3ff57ec0fed132bba880b5999179
SHA256

0d2e10f7ed0789cff61f14427c4c2cb2e3867e050afd49351c511980fcf6ec1e
SHA512

f7be9dc66b857356c589cf3d463714942fe8f66a9ab03a00a63f31d84f05afb3f8cbad31b63c65eaf228360d1735e364cbd2bb169a228a67f1cb127cc9c85918
SSDEEP

1536:lcgaVyeBBZDgSO3jAIL119sLoJKYBMGXdLvb5W:4yefZo3sO119lnBMGNLzY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BetterClearTypeTuner.exe

Files

BetterClearTypeTuner.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\brpea\Source\Repos\BetterClearTypeTuner\BetterClearTypeTuner\obj\Release\BetterClearTypeTuner.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ