babb8229b094850cf2cca29167c7c35e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

babb8229b094850cf2cca29167c7c35e
Size

13KB
MD5

babb8229b094850cf2cca29167c7c35e
SHA1

4a997a21ecdc4bd581878028d2690352f1642e3a
SHA256

ccfe8fddce9f17fd8851a62d3e7d0e2610982e834d2401673b6d16eaac5e684b
SHA512

1557460b2fb1eb4318971e26fff436361505a8f8a3794b8160f75b7e310706adeab722ef65b4f8ef96a882579864cebd5ce6824adabec7d9d11f04fe3d595e72
SSDEEP

384:GIcJyRY4QOp11VoF05NmbZS8ubGZoptYcFSVc03K:4yRY4QOp11Vo65EbJNZ8tYcFSVc6K

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
babb8229b094850cf2cca29167c7c35e

Files

babb8229b094850cf2cca29167c7c35e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\BotSh1zoid\BotSh1zoid\bin\Release\BuildPacker\BuildPacker\obj\Release\BuildPacker.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ