bomb[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bomb.exe
Size

5KB
MD5

1c3761476df88067fcf1b17eaefd1776
SHA1

c29a021fc8f52089ab8638afd33dfcffe210c13c
SHA256

dbe112d1c17be659e36593c2b7b39a43d360d0f3843c3375db49058afe45bad7
SHA512

40d2847368ef183b2184b1f5517768757f54ec8c1485e5dfdb9a85baae7ecc007ce4e830aed758f8310f15d0686d56785fae0a7c723fbf52b2310db77a9dd822
SSDEEP

48:an0LGwZ/vE7i0Mug7Pkq17yT9YLlnLiB4kgBjVBJU6UCPBjpHOQSAjBzOHHuX:ZGwZ/bfseJnu4kgBhBJU6ZB3S6dOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bomb.exe

Files

bomb.exe
.exe windows:5 windows x64 arch:x64

Password: thisisapassword

867ea6e0cf4c4b6b9db163b3a8b2f58b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Imports

kernel32

GetVersionExA
GetStdHandle
WriteFile
ReadFile
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
CreateFileW
DeleteFileW
RemoveDirectoryW
ExitProcess
RegOpenKeyExA
RegSetValueExA
GetModuleFileNameA
lstrlenW
GetCurrentProcess
OpenProcessToken

user32

MessageBoxW

advapi32

RegDeleteKeyA
CheckTokenMembership

shell32

ShellExecuteW

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ