sfConfig Updater[.]exe | Triage

Resubmissions

20-04-2024 14:36

240420-rynk9abc9z 3

20-04-2024 14:33

240420-rwwtvabc61 3

Sharing

General

Target

sfConfig Updater.exe
Size

415KB
MD5

22dc7cc9d18c7c316f3771630d4b61d3
SHA1

23a47291fadbfa157a0c1c9d59284ced092862dc
SHA256

782136e7fc330bb7910af23b501240383ec4b8426ecad08ebb00beae253a2fa2
SHA512

c4b3058eda2a703c5d16deb0e34a5756e45ea1bf686ed779f8fdeba284e0a0224f8716dcd210c24b897077d7400cd390b30ede7fb933a643f9dd96c91c466208
SSDEEP

6144:ZE+PvV9jj/Ddjj/ujj/ujj/myoSF59bx5jj/:ZE+Pvbjj/Rjj/ujj/ujj/1oI95jj/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sfConfig Updater.exe

Files

sfConfig Updater.exe
.exe windows:4 windows x86 arch:x86

Password: schnitzel

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Eddie Valentine\source\repos\sfConfig Updater (FINAL)\bin\Release\obfuscated\sfConfig Updater.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ