ExtensionSpoof[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ExtensionSpoof.exe
Size

66KB
MD5

293d9eb889de8ec6668959e346291b64
SHA1

d42ff484a7028f998cb21022d9e2cba409402459
SHA256

24cb8b9fe33feccc3afcd20aa73812818bb5bfa224197ac5cc2accf5989fb125
SHA512

dd7b22a8532c2dd69952c2c08d87d664623091746a64123847c636eb2e31af9a3f02481d6a54d730ac0c9fffe3c269fb4993894fba6d8a63bb696ceb0e3ba44b
SSDEEP

384:HoSWWTCXy1B8SuvPCxnoTTM84c5rGn0ivBdijFJ0owyd4gvhQhu1LU7J7qR8v0OZ:HRTCXybp2K5RE7LFS8sUKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ExtensionSpoof.exe

Files

ExtensionSpoof.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\h-byg\Desktop\ExtensionSpoofer-master\ExtensionSpoof\ExtensionSpoof\obj\Release\ExtensionSpoof.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ