RascalSpoofer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RascalSpoofer.exe
Size

5.5MB
MD5

b8ad54a5531e6bc8ee3186cd263d54c7
SHA1

97af9789e042c69a15a9da662ff26ab381c9ee46
SHA256

bab0000d3fe09476a5946666b2422255cb5b5b762c325165a7b505b2632b1e9f
SHA512

4001625b97feac5a5cb3ec11505073a16474c7243f9eabdf6a45ede521199468ef81346bcfa9f06f727e5ee673f5f3ba2fe23b4b63d28dcb5b5d20b22ff7cdad
SSDEEP

98304:wjFd3vAwG0ijNc5MgAPjFd3vAwG0ijNc5MgA7Mpd53Ym5daZdjObRw8P:wjrfSrOMNjrfSrOM1E3YmOZdE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RascalSpoofer.exe

Files

RascalSpoofer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\john\Desktop\Sped .cc spoofer source\Moonware\Moonware\obj\Debug\Moonware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ