bomb[.]exe | Triage

Sharing

General

Target

bomb.exe
Size

8KB
MD5

ca00eebe4daaf1d8d31df510747ab395
SHA1

f3ff4d6befa9b0e041c14ba58091c40cba6ec030
SHA256

2000b6219fe2f4623dc3f8c97d49c71fd4a6aaa8672625235a88589cc1bf9fb3
SHA512

40576e84dfbb3409d7b53ff5f3b150c2b198627b374cc48cd4dddaf817645aeaa6c96b99fb2674bd8ff2a52d001ade5eba57edc9fc29c02e479009c6bada71f2
SSDEEP

48:aVNfbOL1w5NwSuOgnzr717nqwLcnLiB4kvFt+vukdmnmQE+vuZHOQSAjBzO/MHuX:kW1wEnHYnu4kv+2umPx2zS6dOJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bomb.exe

Files

bomb.exe
.exe windows:5 windows x64 arch:x64

Password: fasdjsaoidajs

f02c54c2307e26959cfa6540a873fd79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Imports

kernel32

GetVersionExA
GetStdHandle
WriteFile
ReadFile
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
CreateFileW
DeleteFileW
RemoveDirectoryW
ExitProcess
RegOpenKeyExA
RegSetValueExA
GetModuleFileNameA
lstrlenW
CreateProcessA
GetCurrentProcess
OpenProcessToken

user32

MessageBoxW

advapi32

RegDeleteKeyA
CheckTokenMembership

shell32

ShellExecuteW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ