Bootstrapper[.]exe | Triage

Sharing

General

Target

Bootstrapper.exe
Size

391KB
MD5

bdd5d27003b233535879ec0f2573332d
SHA1

3ccfe1d152315f62b8b103e1876f554af55f272f
SHA256

3499997283c0c1dd38ffcfdc2303c5c7ddfa4e946c51725b3b754f53780519ed
SHA512

d75a07bed98d1181cdb522cb1d20bacde81d3db7b3825edd1a2aa4c02a88bb61c4501c8d48d4d7a3a84f3ea318f7efb95636bf716bed321fba3dd3b34f80e706
SSDEEP

12288:ZKMLC9Cdzw50KaA07u06ZMLzq2XNHJUX:MFCdzyFf0R6ZMxNHJM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Bootstrapper.exe

Files

Bootstrapper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ