GhostBinder-FUD[.]exe | Triage

Sharing

General

Target

GhostBinder-FUD.exe
Size

11.7MB
MD5

c26e5cbca0f6cc30fc2af85f95942a82
SHA1

13c9a25bb4a57a119d6a10b7a940fc3a23906065
SHA256

8d6eda15b51552fce75401a9cd2f5c57a4af4fbc5f7a7262385f0d2652024bcb
SHA512

a54bd316887f4ebdbf51a614437733a3cbd0f9810e86ad3684b2c00db353f122cd349e0366c9c733b0d08282ba1f748155dcc01a6055465e5710e10b5a45507e
SSDEEP

196608:q9qMTFBJ82JYp3n780E998EFcCsqeaLJaAjEi71IUfvd3QzUy5kB2UQn2x/XZ3RT:q95lup3nI5vRTeeh71IUfvd35HLQni/3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GhostBinder-FUD.exe

Files

GhostBinder-FUD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ