WinFo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WinFo.exe
Size

384KB
MD5

8783ba8a8b7ddb881c5cb49f83725793
SHA1

49e4050476e92f4cc1042dc880476b88d9d9b470
SHA256

78e04356a51b611d977a019b1e607dc993c0cd4f6183d14a4508b45b8cee873b
SHA512

e979778c95dc31118c8f873d7f6e8e346f8acefa1a7d6b013984f9500037cad1492c5105836a0903db7feb9675c4e89030e67bcb8dc2730f3096e0d44d8ef3d2
SSDEEP

6144:cG9sDXXJrG2NSPktEtrwTs6Vu29TOCvImNInUhJibnUhJ:99sDXX0itEtrwTrVzZOCvImzb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WinFo.exe

Files

WinFo.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\plof3\Desktop\WinFo\WinFo\obj\Debug\WinFo.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ