Keylogger[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Keylogger.exe
Size

29KB
MD5

9bc8953a679136ea4f807a9409f01443
SHA1

1a18edd0ff884d61ef4d4c0cfb2931d44c0a29ae
SHA256

9fb1aaf0a0cffce131c7528c72a19faa119ebc4966b9ac76f0b34af1df094df0
SHA512

4b3c67187857097e5c4dec7ab7b321f791a81e7fa7c342a7891def93a22ef470c286d885288ffd22bf13e13dea8f33b6c5e5b1d92bb25024528aa36cdf1078b9
SSDEEP

768:h/SCY4FKQh82unWQfjeapTGQmz5SzbYYbvtYcFmVc6K:BSCbTh8rnWcjrp7m4/hXmVcl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Keylogger.exe

Files

Keylogger.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\HP\source\repos\MemoriBooting\MemoriBooting\obj\Release\MemoriBooting.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ