DeadFather[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DeadFather.exe
Size

162KB
MD5

3fa6f6288bea8c0451ced36d21b27e77
SHA1

2f73bb3c35b07a258d79e3665feb7254e1ec9535
SHA256

6dbe02df8cb57aef9401f487a52a0cc427b11b331ea814c0095677ba5897cc17
SHA512

4709e71defe91a04f780a28fb4ddef6f5fdbc2db472f7ae195825de6351fe63da1d24771d0dc6e6e3be9c60fec5fd87d73f4b25623de1f4beb1b1d69642caadc
SSDEEP

3072:i+hfjRC5n84eIOgsN2N8roOa8/C28BrZMNOy+xj8WtQCa9wxl4ZT91tgCxWP:imLM5n8e+2N8roOaCPUGwy+xj8WtQCaR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DeadFather.exe

Files

DeadFather.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

35v; }
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ