Static task
static1
Behavioral task
behavioral1
Sample
BYPASS BBB.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
BYPASS BBB.exe
Resource
win10v2004-20240802-en
General
Target: BYPASS BBB.exe
Size: 2.1MB
MD5: e9b11efcf95a3eed47a9f8072b8a871a
SHA1: 0e431149f81bf2a883a1f0b33146e3a06f26785a
SHA256: 33ec86f5e3d9aea26a4396c2e4c9f117e1a06772869de501691a9629fef9364d
SHA512: 19991b1e36fe7d642c5608d47b320ef9c4577a22bdde609ddbbcc897ff094e5ccb6c7e81650c56cec5c19805dfec4204bf9d2a1c8e23d009132d77eb4d930528
SSDEEP: 49152:iudRhTJCj+x29T5n88aeofkOlkJmXJSQ2+W2kNO:iu3wyU9dn88aNLlNJpW2j
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource BYPASS BBB.exe
Files
BYPASS BBB.exe.exe windows:6 windows x64 arch:x64
baa93d47220682c04d92f7797d9224ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
lstrcpy
comctl32
InitCommonControls
Sections
Size: 73KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vlpkonwg Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qgmxnwmj Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ