SamFlash[.]exe | Triage

Sharing

General

Target

SamFlash.exe
Size

35.2MB
MD5

19f0899d734b637a2e1f039f9db67e89
SHA1

1f3017599bf7b347a6f113b093ee9262cd8e5636
SHA256

3cd1a687600df104ecebd01f1303b7ca40166d2ea688da6ce1829aef699e769b
SHA512

2cf56e79a388e4521b51791e23431d2939be75e1312c280d93db1ef042362f44bb7e44e27a1e52db1978b9df6f0dec7e55314e0cb2b88c4992a57a4c0719ee33
SSDEEP

786432:XOPBrr9kBcYESQaTjWErL4xAw4wW8Xt5gpnvPVEwI26GJ4T:XOPlr9hSQaTjWErc6w4w5oXVa26Gy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SamFlash.exe

Files

SamFlash.exe
.exe windows:4 windows x86 arch:x86

Password: gsmprime

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Pdt[3Mq
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Pdt[3Mq
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 34.7MB - Virtual size: 34.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

P
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ