cynosure[.]vip loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cynosure.vip loader.exe
Size

1.1MB
MD5

2fabb7bba9657f78f229b1a155ca8d06
SHA1

b2022b5132eee24b32484460f0a6e099788efd7a
SHA256

46da3659480d044554bea0d389d0784b4091961ad607031f57e7c3997764ef69
SHA512

9b23689634385afc68986673e286cb05bf8152a8318fe6bd1dc41ea99fcdf7cb9055aaff785010ce486df60b7a224563dfb1efa96f87efd1eca103e2f32e86a6
SSDEEP

12288:vc2pBLS6bVkgaMj0rCndOYRbmtOUPH4a6h7gjbXAarb4Ad3OgLEFzYNINj+:XnaM4rCHsHQgjbb33GM5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cynosure.vip loader.exe

Files

cynosure.vip loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sFM
Size: - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

._-k
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0n{
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ