bomb[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bomb.exe
Size

6KB
MD5

46ecc945916bee75dfda187eacc359ee
SHA1

fda1bc4ee439311e3212d5183a932c00b7c8e1af
SHA256

64e49254f2c8675d8798a16fef80b2aafff7c3ca309303e4be945a1a9600eb41
SHA512

48acd2039a7a9a0f2efe9489fe942b77e2d7ef7e1e8284e3ffdd283fbef9143c1f3e5727ed5bb44ee9774ccd8a4f4bd22d95577f2475040dc41b3e09dfdcb5d4
SSDEEP

48:arMo6w6v5TeAgNnz170+qtLpnLiB4kqhzH6RhzGHOQSAjBzOHHu:Y6w6dUjMFnu4kqhj+h+S6dOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bomb.exe

Files

bomb.exe
.exe windows:5 windows x64 arch:x64

Password: cmdopen?

3c4f3de3fc1067e1158b5881bf7142f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Imports

kernel32

GetVersionExA
GetStdHandle
WriteFile
ReadFile
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
CreateFileW
DeleteFileW
RemoveDirectoryW
ExitProcess
RegOpenKeyExA
RegSetValueExA
GetModuleFileNameA
lstrlenW
GetCurrentProcess
OpenProcessToken

user32

MessageBoxW

advapi32

RegDeleteKeyA
CheckTokenMembership

shell32

ShellExecuteW
ShellExecuteA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ