MrBypassNEWEST[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MrBypassNEWEST.exe
Size

111KB
MD5

a463a3ff1e8ab5c91c73f8fa7a44bef8
SHA1

c119e7cb44f0d8b83b8f7bf311729a1b3eec9bfc
SHA256

f42e0e846bbd44a2b919b546f238da13a19c08ad293a8607ecbe4db318c3e157
SHA512

94902cd9d88ceb9fdfb02bf28db709d3183ddef644f6f940aea0a231f435b7aac7e5326dc9e5143063cda8c27f8aa508300690a8e6c0d0735f1bc1ec21595d1a
SSDEEP

1536:dnQhiiD92u6LyouoTWwZ7sXx7MG3XluIzl+pA2KFYgG0ieZ4eafj3hYFpDek2nhG:5Qhf2u6+oNJ6v3YIzZ2KFYRZeabhSpD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MrBypassNEWEST.exe

Files

MrBypassNEWEST.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\DominusTrex\Documents\Visual Studio 2013\Projects\WindowsApplication9\WindowsApplication9\obj\Debug\WindowsApplication9.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ