cryptedfile[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cryptedfile.exe
Size

18KB
MD5

7299c412c5f9538ab9a0dbea37c66eab
SHA1

b072b13a10767c2a1e2dd4982a75fafadaffd567
SHA256

e4a00cd821ded2b66de295f89940be397d4c4ea2189c5520f46cc450336332e7
SHA512

45c458090b8654e91ff8406fec7472290bdeff403bc5ec76dc94929e42aae93b385c692a39aabb80913d7170fc37b11e75e4b795e3761b13df43c33a990ad9b7
SSDEEP

384:9uyxRbVptYcFwVc03Kh0SlZE3O2gZMuy5XHuck+f2UjZPdF:cyr3tYcFwVc6KhLE3jxB3uL9U1v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cryptedfile.exe

Files

cryptedfile.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\parke\Downloads\New folder (2)\KreYzeSpoofer\obj\x64\Release\launcher.pdb

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ