chams bp @powergirlso2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

chams bp @powergirlso2.exe
Size

4.3MB
MD5

5e292fca50e7004e1524a58bf5a189a3
SHA1

68b38452fd6fe6596257071bb22cd62eadf5d510
SHA256

e3d41df8202276d1de381612017ca1e27769964b8efdbd83b9efc14947ef263e
SHA512

ffac3698fb32f2e00004900b0bba04602c47931d81062f7fdafcebc5ee3121a26cd589280c286f6d74c84b8535cc599690e42c06a89dab116a6d5f063815232e
SSDEEP

98304:ra+1gS1eiKC36hpI4kR3fc6CzlqHHvHQVpG+uT8c9Put86YnYndN8bx0Gm11aBQn:ra+1gS1eiKC36hpI4kR3fc6CzlqHPHQ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chams bp @powergirlso2.exe

Files

chams bp @powergirlso2.exe
.exe windows:4 windows x64 arch:x64

Password: hi

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 224KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE