BypassReplacer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BypassReplacer.exe
Size

396KB
MD5

361447744c09a6bcc59f6f4694e41c91
SHA1

dc9e8befcd0c0419d170fda87e16a0781bc9ec11
SHA256

6705ad057171be2bd5792dde5fb563eeed3b88d3c78ecd9694b14008d5a350db
SHA512

7c9064bd7c6893c110fe6705717a84d402bc85164faf9cbcb9e9f012af29f185e790b7ceed2cd25b907b0f78a73d054fdba10ccf21280c9562aba25ba747b82a
SSDEEP

6144:bdLPA0y7SpD8i74hrWSeOj3MeLzonCleO7PMUnB6Zbf79KQriTNLbWugc1rJ:VPA0gSpYi74haSemza0l6JcoQetCrJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BypassReplacer.exe

Files

BypassReplacer.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Hd=
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.~3*
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ