BerTox[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BerTox.exe
Size

596KB
MD5

370fd0f97ae381e26c431c198e66c917
SHA1

eddd7d1c870082c9d88879c1ee747fe289950c62
SHA256

66c14c9cc6efd551e95ce010732add1ab6aabd43de7258f0534996e2dfed0014
SHA512

0b9d0da0e0d62d96e8dd5361ebb21d737b8d9f8b4091e1fb8db792362661cad1bda432728d60e3b6580696c9a641892a5eddafbd1e7bf3bcc5fc287a62fe3e12
SSDEEP

1536:QGRBTVwrGAK+E9aArOb5G+9Einc6gsuqO5vPFzO5vPFsPYCtxwSDO5vPF/:QGRN5ADAKb5J9Dnvoq4Fz4FCYCn4F/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BerTox.exe

Files

BerTox.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\berto\OneDrive\Desktop\BerTox\BerTox\obj\Debug\BerTox.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ