TPM#Bypass EMPRIX[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TPM#Bypass EMPRIX.zip
Size

201KB
MD5

d8c48894daa8136b5976637734c81f78
SHA1

df756332708df3089704624892b6c72ab2c614ea
SHA256

b85b74a22834a9d9b5de05ed88db16748a1f72c36d27b2217d101ddd018f66d1
SHA512

de48b656ae22b590c1d2233104dbfcaa4158426ab1df05307186c7ca83a79fbbff618b0830e16ff8c9db470c428c5cf261c88cdc09f59263a069010a4e746500
SSDEEP

6144:7XJ7xIA6eF2pAmAtlrWv+sSgAbwjKWpFpC3bQ:7ZdIAFSma5S/EjLs3s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TPM#Bypass EMPRIX/Bypass.exe

Files

TPM#Bypass EMPRIX.zip
.zip
TPM#Bypass EMPRIX/Bypass.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Fetix\Desktop\Pop-up Bypass\Pop-up Bypass\Pop-up Bypass\obj\Debug\Pop-up Bypass.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ