Crowbar[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Crowbar.exe
Size

916KB
MD5

b9bc1cc4ea7f116e5a0fefc8fe208ae2
SHA1

966926e7c5036f451c3cdbd18a9fabbe57e5f816
SHA256

5ea21d66e0a864298ac94089c6a838ab5ff59ebc5ec87747025029b6fe2395d6
SHA512

642454e68a2bbd12623f27e8cd450fc090fedc18cd45743a9c836de5f5e3b34da1c14851e81a5e2cf4e9c3809d9841feba10679503b0ce279eadaa39261438f5
SSDEEP

12288:tL3y4O5vme2YIX6FJmD9r+gztzMiyqZdJsb1z:J3yf59iX+JSfztzpZdJsRz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Crowbar.exe

Files

Crowbar.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ZeqMacaw\Documents\- todo\- tools\SourceEngineToolkit\Crowbar\obj\Release\Crowbar.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 752KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ