UnFlag[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

UnFlag.exe
Size

90KB
MD5

e403da8ec0c9b2bf4e9aa35bfd5275aa
SHA1

8b47f22857ddbb90846f802a64b0b077e776237c
SHA256

2818ad9aed45d048942fb1907403920b00c672f60049cc56a6c13f8b110c4469
SHA512

39d888fecd3e25d892ef13ddaf121f793d2d955eacf76a1953e70a3b550d54cd7e063d3d2c3b3eaa5e6b3eba2d018d9218af612778e3cdf10214469cc6dc30e4
SSDEEP

1536:ATClwC/J1zlN5GTbhlzIsonmHX9hoEO+zMnInj+v2lyO9/3sPWnWpN72zmtH71:XBjGTbhlzItUcEO+zMnInj+v2lyO9/3+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UnFlag.exe

Files

UnFlag.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\oi\Desktop\temp\temp\temp\sd\sd\lk\lk\lk\BernyyV2\obj\Release\LowKey.pdb

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ