Bypass[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Bypass.rar
Size

134KB
MD5

20b87e6e8a376e93c588abbb77214e8e
SHA1

12cd59010abf9ad493ff2de7cf8de97e555e2c8b
SHA256

201e85042e3d1602c3e3ba2f8d6daf0c226354c6496faefa8ae5e17977bbc95d
SHA512

7e4cddccee08514329dbd1df1d8be1dfbc7ba670f9ac2244e6db358a001bb17ed4142e3878344536b69c96f5e00d4396a4d955f693784a17309072f65dee6f16
SSDEEP

3072:U8wAREd9b45cq6R+TI7TVPpCnvlvC1dXSFI:UVAsb+H6YTI75PpCN61dXSO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bypass/Bypass.exe

Files

Bypass.rar
.rar
Bypass/Bypass.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Fetix\Desktop\Pop-up Bypass\Pop-up Bypass\Pop-up Bypass\obj\Debug\Pop-up Bypass.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bypass/Credits.txt