botfarm[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

botfarm.rar
Size

6KB
MD5

44099b6442797ac5b6a75f159c4c978f
SHA1

8966ab5b92d9ef8626c91856a1904fec016d57b0
SHA256

516d7b37b92cfe6d269fa598348ddf3b07dcecd46a6e2770af12dda32ce3c454
SHA512

d9e45d1fded1b761b40008d6915fb72252c2f15c2a3ea85d1356cf3aead590132f57709af925084327069e80c8b458b51cab825497945aaf7b04cb5755c5be9f
SSDEEP

192:MLt4RvJvuGet8aE5q9DULDCJO1AINCAFMn7FSqDD:SejWvtTEQS8O1VNw7FS2D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/botfarm.exe

Files

botfarm.rar
.rar
botfarm.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\aless\OneDrive\Documents\Scambaiting\Fake Ransomware\Fake Ransomware\obj\Debug\Fake Ransomware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ