ZeloWarePermSpoofer-Authshield[.]exe | Triage

Sharing

General

Target

ZeloWarePermSpoofer-Authshield.exe
Size

2.5MB
MD5

46db25474a25d7e7a3125f19cd4d7f37
SHA1

d08a84e7955ad84f7e1e6e19ce97bdbd4d909614
SHA256

3352f4bd34c08db37ac519c489317663c86bcbfaed41c84fb1b9d5daaecde534
SHA512

88d2769638c60d1e15b2e4ce3f1f6467615ed77a28a68e645f19b6945b48683d2590ae6ffb55577e66561e5c7e4614e4691686f5c51a801a323a4f18f9e81daf
SSDEEP

49152:HSwr8k0HyoVlbogv2ysJjDaOyL70nS4pfVkqgy6r3aFn:HSwr8k0Hy8l0gvlsJjDax7K5JEyUa1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ZeloWarePermSpoofer-Authshield.exe

Files

ZeloWarePermSpoofer-Authshield.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ