HWID Spoofer[.]exe | Triage

Sharing

General

Target

HWID Spoofer.exe
Size

416KB
MD5

5de4c72bce14113d19cbfa33964b27b9
SHA1

f645ef666f062175e57c94a9b48e9a3fdef1c99d
SHA256

9b32c009b988670f78883b30f9a0bae23395192201f371f051e22951038ce266
SHA512

ce586245a154e7dad32fecbf5e2497e99361c80233bfdb2b39bd16c1abccc1eac0350d60a02a330503fab75b89948f913fdc6d85da0602e6affed4c5c544f261
SSDEEP

12288:aJcsKRRnIYVD0FiKvgjjsbyqgc8o/OvpOYl31LU:aJcX/V4CjsbyqF/OvgYFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

HWID Spoofer.exe

Files

HWID Spoofer.exe
.exe windows:6 windows x86 arch:x86

aac01a222c27d95b764bdaf23c96c3d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

SendNotifyMessageA

advapi32

RegCloseKey

comctl32

PropertySheet

Sections

Size: - Virtual size: 232KB

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE