bomb[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bomb.exe
Size

8KB
MD5

935fd6b9ed1f712acab32c60c5bd1424
SHA1

7f4007976ad4a13c867a2ae40847a6ec37a9da4d
SHA256

823f568f89757d7c5bbad5e9b251588ba0cce9f5571317bdd2603915f8d9bd98
SHA512

a1c62fa5d445eb889551e69800bc02de5f9b227d9739fd8d3c6e75c1576048d8642b07f70e0e9faae7f4926a6b9b48fd9611b1cbcf9fc866f112984a51c36e03
SSDEEP

48:a7HObOjJwBtl4grLegY1rL17LurLInLiB4kvFEZ7ePdmnmIoHOQSAjBzO/MHuX:0Jw14g3VY6snu4kvCw1mrIS6dOJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bomb.exe

Files

bomb.exe
.exe windows:5 windows x64 arch:x64

Password: fhosiahdoisahdoisaydosiauydoias

f02c54c2307e26959cfa6540a873fd79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Imports

kernel32

GetVersionExA
GetStdHandle
WriteFile
ReadFile
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
CreateFileW
DeleteFileW
RemoveDirectoryW
ExitProcess
RegOpenKeyExA
RegSetValueExA
GetModuleFileNameA
lstrlenW
CreateProcessA
GetCurrentProcess
OpenProcessToken

user32

MessageBoxW

advapi32

RegDeleteKeyA
CheckTokenMembership

shell32

ShellExecuteW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ