EagleSpy[.]exe | Triage

Sharing

General

Target

EagleSpy.exe
Size

67.5MB
MD5

e7c21d8fc050fde44252c1fc6b874ffd
SHA1

338631cf3e6f6358c187697b1b24d4559c49d917
SHA256

b3fc1dab4a75cedf6fbaac89bda7882434eb138b8535402a4a0432c0be0bf767
SHA512

5811d31812131b081ae09a0131c623935df15bfb3bac7b2c0c9e9565d27f9a4e68d2a2e587f7cb785c444e293ad63c2497d7d20807f286b82b3a72ae2948918a
SSDEEP

786432:m0E2+NX10EPRRaRevtdHoA5AKF7zR/t6tKF+iShgA81/Ko2rD:m0E2+NX10q7ayAMzttZmhX8tIf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EagleSpy.exe

Files

EagleSpy.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 67.4MB - Virtual size: 67.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ