Splunk Enterprise Activation Tool[.]exe | Triage

Sharing

General

Target

Splunk Enterprise Activation Tool.exe
Size

31.1MB
MD5

fec0993ef960327a065b7b4c7efe5188
SHA1

d419244bbbc64945790ad138b30dbc0b3eadec5d
SHA256

03513bbd48d2ceff0545e49fded276059cdc22fa7a4806944c3acebffab82093
SHA512

c882af0f20067da3ccd75d085edadf8863cdc5a7f45ff749c11fa585129d2ef8acb974f28cff9742513f28d4c8cdcf78e5d0516a1fce62ddae5fef944dcae1f7
SSDEEP

393216:DtdyfzNp7Rxj5zHX0XCMrMzUIaqORoxo0kLqpBQ0vqqQuRDMe5nQ9TR1FcpHY8kJ:DrorNEHryUIavUkLqM0UQDRuXFk48b/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Splunk Enterprise Activation Tool.exe

Files

Splunk Enterprise Activation Tool.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\PC\Desktop\2\Splunk Enterprise Activation Tool_new\obj\Release\Splunk Enterprise Activation Tool.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 31.1MB - Virtual size: 31.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ