Antivirus_Removal_Tool[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Antivirus_Removal_Tool.exe
Size

920KB
MD5

8f51dfa7320b3ae912c77b905484fb29
SHA1

2671ac59324787552f6176ceadc279e04c2f7a72
SHA256

08fde60c3762c6b79d6f9eae55184013f7f5d43a4ac7585f3dc0bb0b40426daf
SHA512

17455a3275bcd2f803dfd8b3157210460e254058e76cccfd530e89c1f2ad40b28a466dac17ccde7d3ea6fec89b8f4326ab0d873a0b7d5443b0ce258737b1a99a
SSDEEP

24576:HMLsjvNUa/mHCnqYMxXAMSUswLXibYGRcDbmk53p4s:HMYjvNKYMXAb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Antivirus_Removal_Tool.exe

Files

Antivirus_Removal_Tool.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 891KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ