SolarPERM[.]exe | Triage

Sharing

General

Target

SolarPERM.exe
Size

2.4MB
MD5

2309fef8e5e7d83e60689bc1ad2e9244
SHA1

cac2bc3275ab9fc51250ee95b87dc5b88322fb1c
SHA256

3e2751cfc79ae740b27642b53685d4ccb5434aa989ba12de9ec291197c1adba5
SHA512

bed489d52f7c52a8473cccdb9c90937630136ff998fbe398e3056ff7e598e45161816a8d9a74bbd86623e8741dc68a9778f66b6bf37c886c35572f991bf1576b
SSDEEP

49152:cY9/QTNw2PXITYbNbNWo4kSH3OqtwIfrgBWBKH8jkDVFCNXODzWS9HfX0H/G:ci/ExXIT4bNJFY3OqtY+KH4kpc+DX/0H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SolarPERM.exe

Files

SolarPERM.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ibrah\Downloads\niiger\niiger\Spoofer\obj\Release\Wnz3xLvEpo.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ