HwidSpoofer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HwidSpoofer.exe
Size

1.4MB
MD5

56ab66890dd324d77420fa8d86fe09b9
SHA1

e8ac4789da93ebb923720ed86f97f35fc4be0fa0
SHA256

d6fce8e8f1ff98783757302c1121f8802a92464462f09701e33a07f50f5d3235
SHA512

509a6c3fa7c6b7ce0c27b263e07d3d7700e82812cecf0fa598d620a30fb7479c0900b91f6aa69a83a349728adf75b965dffbf01b8bb5cd2cbec38855ba88654a
SSDEEP

24576:fzOT7nfVsX4UMdu35noCsRoTWugVQkWGH0T4GFGo8+JcBlMfKh90tlRq3kyvKe:fz2fVsIs5nzWjujoH06kcXMfKAfq0yCe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HwidSpoofer.exe

Files

HwidSpoofer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.{.?
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ