faultrep[.]bin[.]exe | Triage

Sharing

General

Target

faultrep.bin.exe
Size

606KB
MD5

3d2fb2e111412d2d844d223b79fb5c99
SHA1

bc269330c84dd786384738712f98c0edf9a47917
SHA256

0fbb21dd4fd0e0305b57e64f18129682a0416cf852d6bc88b53960e6b48603eb
SHA512

66336199c5439679228bda63c61375406bcdad1fc913801f7a0a391287de6c893c6c64b62a5bb2daf209f6df1a9c2a38d5ed288059f6eecc8bd9faaf004877be
SSDEEP

12288:Gk6EWzQbUt7KIFeFTzscStmtRo/pqLayo1k+bsLiRKZQ0oJz:GjEWzDF8rTo/UKoKWQ0oJz

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

resource	yara_rule
sample	pdf_with_link_action

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faultrep.bin.exe

Files

faultrep.bin.exe
.dll .pdf windows:4 windows x64 arch:x64 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

WerpInitiateCrashReporting
WerpInitiateCrashReporting6

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE