Static task: static1
Behavioral task: behavioral1
Sample: free spoofe1r.exe
Resource: win11-20241007-en
General
Target: free spoofe1r.exe
Size: 197KB
MD5: 9ca66a50465a3f07ce6e5d80e1da160e
SHA1: 785cbf19b2d8577871e7c93e840f2ea3a1237eb7
SHA256: 5944ba347d4797eeb52fd5b947b56163575ad28e5ffe68bb84de19c82b7696b9
SHA512: e98459eae421d61aa7f5cea9c80e5a7b3a162fa69704db339c6157fdfa283ccf039ced846713fc999f2f3975f8967163817bce2137669b9fc1097cf1f10691c7
SSDEEP: 6144:jR1VxJLizZPHcLGhLy0c7lAS/0RbSLm8K:d9gzZP8yhLybGMAbemV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource free spoofe1r.exe
Files
free spoofe1r.exe.exe .ps1 windows:5 windows x86 arch:x86 polyglot
6d1d4ff0617cb633a835a83e4a31c8cf
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
user32: DrawIcon
gdi32: BitBlt
advapi32: RegCloseKey
shell32: ExtractIconA
shlwapi: StrToIntA
winmm: PlaySoundW
ws2_32: inet_addr
urlmon: URLDownloadToFileW
gdiplus: GdipFree
wininet: InternetOpenW
Sections
.MPRESS1 Size: 175KB - Virtual size: 464KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_CNT_UNINITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_CNT_UNINITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 17KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE