MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ed4fc5a162ef0baea1837e9a8633513ae13b7e4832c8c9c4b9690ba485247a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dinwod
Vendor detections: 15



SHA256 hash: 1ed4fc5a162ef0baea1837e9a8633513ae13b7e4832c8c9c4b9690ba485247a0
SHA3-384 hash: cbf4153dc91b45454fd21f2a5d4bd0b7143997d21307caa13fa5244677ebea9db7360964274bf31897f700ef0c47fc7f
SHA1 hash: 65409b7370c1ed8bece3181cd7d0f961997f4df9
MD5 hash: 0eec075b66c8ccc27dd977813a42b330
humanhash: california-september-fruit-artist
File name: 1ed4fc5a162ef0baea1837e9a8633513ae13b7e4832c8c9c4b9690ba485247a0
Signature: Dinwod
File size: 156'893 bytes
First seen: 2024-04-09 19:58:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 55762c13550569b1a3a5717bae4453b6 (10 x Dinwod, 2 x BlackMoon)
ssdeep: 1536:rj+zUtBIBU+2Da4lH4Iiue58o/ZDv4GMfcHZIlVKAn5ZAcXeOqbZ6NjkEVnouy8x:PqSe5OmiEoAcCbZ6FNoutx
TLSH: T1F1E3F822E51388F6E02E05F557F2073C9979876368B24A6FCFE4CDF11EA22324B9645D
Reporter: e24111111111111
Tags: Dinwod

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: GR

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 1ed4fc5a162ef0baea1837e9a8633513ae13b7e4832c8c9c4b9690ba485247a0.exe
Verdict: Suspicious activity
Analysis date: 2024-04-09 20:15:33 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file
Creating a process from a recently created file
Searching for the window
Creating a file in the Windows directory

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: blackmoon crypto overlay packed xiaoba zusy
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: BlackMoon
Detection: malicious
Classification: rans.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected BlackMoon Ransomware
Behaviour
Behavior Graph:

Threat name: Win32.Trojan.BlackMoon
Status: Malicious
First seen: 2024-04-06 17:38:00 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 34 of 38 (89.47%)
Threat level: 5/5
Verdict: malicious
Result
Malware family: blackmoon
Score: 10/10
Tags: family:blackmoon banker trojan upx
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Deletes itself
Executes dropped EXE
UPX packed file
Blackmoon, KrBanker
Detect Blackmoon payload
Unpacked files
SHA256 hash: b5eb2db159caa687fcc70c8aa84b8ebb6e76d56e9d0436e7e9666f0843c11aa5
MD5 hash: 6184fc87af8373e2052ab5ec583d4906
SHA1 hash: 7f573dc9b4010280e5c044db30907892a27a22a5
Detections: BlackmoonBanker MALWARE_Win_BlackMoon

Parent samples:
SHA256 hash: 1ed4fc5a162ef0baea1837e9a8633513ae13b7e4832c8c9c4b9690ba485247a0
MD5 hash: 0eec075b66c8ccc27dd977813a42b330
SHA1 hash: 65409b7370c1ed8bece3181cd7d0f961997f4df9
Detections: BlackmoonBanker MALWARE_Win_BlackMoon

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MALWARE_Win_BlackMoon
Author: ditekSHen
Description: Detects executables using BlackMoon RunTime

Rule name: UPX20030XMarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

Rule name: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu

Rule name: UPXv20MarkusLaszloReiser
Author: malware-lu

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.DLL::CreateProcessA, KERNEL32.DLL::OpenProcess, KERNEL32.DLL::VirtualAllocEx, KERNEL32.DLL::WriteProcessMemory, KERNEL32.DLL::CloseHandle
WIN_BASE_API | Uses Win Base API | KERNEL32.DLL::TerminateProcess, KERNEL32.DLL::LoadLibraryA, KERNEL32.DLL::GetStartupInfoA
WIN_BASE_IO_API | Can Create Files | KERNEL32.DLL::CreateFileA, KERNEL32.DLL::DeleteFileA
WIN_USER_API | Performs GUI Actions | USER32.dll::PeekMessageA
