Rubeus[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Rubeus.exe
Size

223KB
MD5

6798ff540f3d077c3cda2f5a4a8559f7
SHA1

40e8b04603f168b034c322be6c8b0afa5a9e89ac
SHA256

0e09068581f6ed53d15d34fff9940dfc7ad224e3ce38ac8d1ca1057aee3e3feb
SHA512

fb092d756055ccd514f0d1a7cda2c9576bb8c8c2f3d34b16bd89c07cfbf1e3f492feb14b5e839bc6d0e1492c2d2bac4b92f5a1a816ba5d85d28afa84d3cf1216
SSDEEP

6144:Xv3dh/O7F2PN80tGogzoqbvuoHBSyz2cCm6:/T/OM800okoj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rubeus.exe

Files

Rubeus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\Agressor\github.com-GhostPack\Rubeus-master\Rubeus\obj\Debug\Rubeus.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ