slam_mbr[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

slam_mbr.exe
Size

13KB
MD5

4a8da4cc362a5ea8d8408e01397ac5c5
SHA1

4879bd193dd73681c977371c857217257f141c92
SHA256

6b85e1407ebfe25efd1059487c752a6807ca5699d4b41fbc65aeaf873d99e81d
SHA512

9c7f9739d0c443cb6a15bec112cac3ddb48a472e2d3f19c6041e06249bbde344f5bb958878bbb48798a656c4f2eacabd4275c232f903a8a132a31441bc4fb792
SSDEEP

192:V6bkAHlL48bRDzhsaosXShRbN8aYcliN3ngucO:V6d28b9hMhRbNHYc+wu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
slam_mbr.exe

Files

slam_mbr.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\slam_mbr_builder\MbrOverwriter\mbrcs\obj\Debug\mbrcs.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ