MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 19


Intelligence 19 IOCs YARA 20 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6
SHA3-384 hash: a231a1453a0eae0989836e2c42216e26f7f7092528612309fe0b433f0024ffceea3c4bc2f94d64a6a1b8cb81544750b4
SHA1 hash: ac238d755d3118ccedf823506f0d4ba47be9fc0e
MD5 hash: d252abe5eefc560a301b67c93bf475c7
humanhash: angel-burger-georgia-bluebird
File name:INVOICEGFTEJ.bat
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:965'120 bytes
First seen:2025-04-14 13:10:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 24576:xaQB0B72vdUwNdgOiLRvgsH2RdIsQuaABnWD:Er6UkdJMRvfCdIpuZWD
Threatray 780 similar samples on MalwareBazaar
TLSH T10425020433D9E902C0B90BB89EB1C2B46739AD9D9525E31A5FE93DEF3477B10588A743
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter adrian__luca
Tags:exe RemcosRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
445
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
08042025_1548_INVOICEGFTEJ.bat.zip
Verdict:
Suspicious activity
Analysis date:
2025-04-08 15:58:10 UTC
Tags:
arch-exec
Link:
https://app.any.run/tasks/0b9cab21-4b8c-449b-8ab2-332e18fe772f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Remcos
Create hunting rule
Link:
https://www.capesandbox.com/analysis/2168/
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67fd1a64d6e7c3effad2b09e
Tags:
extens micro msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Creating a process with a hidden window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a file in the %temp% directory
Launching a process
Creating a file
DNS request
Adding an exclusion to Microsoft Defender
Enabling autorun by creating a file
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade obfuscated packed packed packer_detected remcos stealer
Link:
https://www.filescan.io/uploads/67fd096d89fec6b88b9c89d4/reports/c95d2b1f-0581-4a02-941d-ed8df4f9d68f/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
REMCOS
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3330ed02-1f07-4a59-8041-82880480e8a7
Result
Threat name:
Remcos
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1664594
Signature
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to bypass UAC (CMSTPLUA)
Contains functionality to register a low level keyboard hook
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Contains functionalty to change the wallpaper
Delayed program exit found
Detected Remcos RAT
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Opens the same file many times (likely Sandbox evasion)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Remcos
Sigma detected: Scheduled temp file as task from temp location
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected AntiVM3
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1664594 Sample: INVOICEGFTEJ.bat.exe Startdate: 14/04/2025 Architecture: WINDOWS Score: 100 51 www.vittaconsultants.com 2->51 65 Found malware configuration 2->65 67 Malicious sample detected (through community Yara rule) 2->67 69 Sigma detected: Scheduled temp file as task from temp location 2->69 71 10 other signatures 2->71 8 INVOICEGFTEJ.bat.exe 7 2->8         started        12 ogGNuSdbRP.exe 5 2->12         started        14 svchost.exe 2->14         started        signatures3 process4 dnsIp5 43 C:\Users\user\AppData\...\ogGNuSdbRP.exe, PE32 8->43 dropped 45 C:\Users\...\ogGNuSdbRP.exe:Zone.Identifier, ASCII 8->45 dropped 47 C:\Users\user\AppData\Local\...\tmpC3D2.tmp, XML 8->47 dropped 49 C:\Users\user\...\INVOICEGFTEJ.bat.exe.log, ASCII 8->49 dropped 73 Uses schtasks.exe or at.exe to add and modify task schedules 8->73 75 Writes to foreign memory regions 8->75 77 Allocates memory in foreign processes 8->77 79 Adds a directory exclusion to Windows Defender 8->79 17 vbc.exe 4 2 8->17         started        21 powershell.exe 23 8->21         started        23 powershell.exe 23 8->23         started        25 schtasks.exe 1 8->25         started        81 Multi AV Scanner detection for dropped file 12->81 83 Injects a PE file into a foreign processes 12->83 27 vbc.exe 12->27         started        29 schtasks.exe 1 12->29         started        53 127.0.0.1 unknown unknown 14->53 file6 signatures7 process8 file9 41 C:\ProgramData\yffhjs\logs.dat, data 17->41 dropped 55 Contains functionality to bypass UAC (CMSTPLUA) 17->55 57 Detected Remcos RAT 17->57 59 Contains functionalty to change the wallpaper 17->59 63 6 other signatures 17->63 61 Loading BitLocker PowerShell Module 21->61 31 WmiPrvSE.exe 21->31         started        33 conhost.exe 21->33         started        35 conhost.exe 23->35         started        37 conhost.exe 25->37         started        39 conhost.exe 29->39         started        signatures10 process11
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6/
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2025-04-08 10:22:37 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
30 of 38 (78.95%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5y4ndmic2sppwey6nbxwpi2jtm26wtsbf3mmtplkl7ukeizawpla._file
Verdict:
malicious
Label(s):
captiveaaloader
Create hunting rule
unc_loader_037
Create hunting rule
remcos
Create hunting rule
Similar samples:
11d67ce2068437cce35f0b601119ebd071921f536daa8a5afff7c4d03ff1a4bc
RemcosRAT
4af2c738b8b2cc2a5ffdc33dea46b4e82582d32c95af28456127991bb1b50e09
RemcosRAT
76a9a68e8da599c81f44d2a43fb4fe5e5e4d2e6c5881ccf775ecd665c16939d8
RemcosRAT
9ff30e39c38ae46ea0f2ab5017fc68e32580aa9a8d7a237f98ecd5c3d8fefc34
RemcosRAT
b69b9806518246a9db6ae7d892b6d20b3b2c3381851def105fc5bcb049e717fb
RemcosRAT
e4200fd701c07fcb6e170a60baddbdeb0963f72232a2d8c2f14f1cd59853c593
RemcosRAT
ea3d846cce6aa910a7ff04f5908946c735f94c41576c4cf44ced9c6304491861
RemcosRAT
+ 770 additional samples on MalwareBazaar
Result
Malware family:
remcos
Create hunting rule
Score:
  10/10
Tags:
family:remcos botnet:remotehost discovery execution rat
Link:
https://tria.ge/reports/250414-qe1k2axnx2/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Uses the VBS compiler for execution
Command and Scripting Interpreter: PowerShell
Remcos
Remcos family
Malware Config
C2 Extraction:
www.vittaconsultants.com:2556
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/aefa75d3-347a-4225-b1cb-e851bc7c3808
Unpacked files
SH256 hash:
d6a86a1956e5eac22c689e5e4f970f073b1a07b8e6d0241a3c37d9c1f6aa7884
MD5 hash:
3b6751ed9b8af1c7ddcd27d53afe20d0
SHA1 hash:
63036dffe5357274bdec641cdc3764b2cc185696
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/04da277e-fd26-46f4-a0b7-6ceced7e3525/
SH256 hash:
d1565b7e500f1d93873d3a5d622385a03278f79dbb35281ab4aea1896e2ac030
MD5 hash:
af69bcbcf5c38f9e1b050b199a8a0d3b
SHA1 hash:
7d5b9e7c687e091651b5aac0c0196e1ce82516c5
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/04da277e-fd26-46f4-a0b7-6ceced7e3525/
Parent samples :
2a70db0a80475b95076e3ac773bf31a512eac29e3bc6f2742146815dd209f5e9
804ca58e99fe47f33eb0ee7db9b0e4794dbe30c165f219bd85884f0f84ac7846
8a83249f26da9d22a6f3c1de677e98b4872368f013d21e87391417bf31da0b98
af33ab150d8a4076d522d235ff3b77508ec19e52b6ac17bdb6eccd842f6babc4
a6d1bf193f5a5f2f6f9e766dffb51b66122e96dc8d2b76c3674fe2968d32c811
41d7369f717e33a88918da397a21fdc2a1db9c76629b7d5c6be1786f8cee9d5a
a05882d8e179d3a1a3ac69ce4b81bc72ee80f026d921e2598a5eddefd803511b
1b9ddbe7a21e44c82dc78c8e8361baca31adea4d8a8e673536b249b46305860c
2c815316f091040c2f89bcbaae0464cd89a9bfd5225f917ac01fabb9136a3fd4
fc523562bc368e6ab9c0106a1f3d6e23c4104f120c65c65b9c9adb2ee57c63ca
fd4c4d051a2d6a69a40e1e8f2f4a1cbcd54a4f27fd7ab4843452c98611aad9c7
c7d5e01e287cfc5c4c967c1ec895659bf25a80fbe8266a87f083bc80ddc82cce
46b9ea7cdf572a0e0128450f141ab2c31922dbbea4b632401fe42d85ba21cbcd
88d63b81ce4d25ca852251449940416ac2a8c61f5cf4a452ab690d26dc372876
72be9fedc41813b76d9a0707925542a7919f9192ca9cdc8ef82b952dce22da4f
4ac15244ddd64dbbf277c8d20628a9593dc0df8feafd932a7746d1b99c2ba826
17445fc3b78c7a08d5c4bc4164d04f99a4906ca50fc7552c1420c9efbebfe215
ef31c771e1f44656fdc9e84c3745d8bef369879697c144110edac6b814878ee3
071ecee4bd6564ec46147d2cf3f94c230f6da364a7eca4305e2f69f56e8ac4e4
30d5fcd7da81bc0b8d77d5b3547a227bac06bc781990f528c0bd78d696235779
90c33f008fb667cf96ff92b14f8834e702e3f4444d195328c9be186e801e6823
4dce97ef955a132177e7043fc0d11e35c3e1d03f833b3b30951d7b2ce6db735e
094c46819bcd5e6fb0d7cc1415452e1ad1654da29a54685ecb8f92c751bb0822
d3b0e954250d481d37ce371255c6eb7deb4bb53c1784f2a7111487bb42f4ee5e
1ebc38bc1bd49c8564e94d2242c4deed0bd0d69c0086ab7cc2dc180c77a989ce
b4391a76a1e786d93c45cb78576609d9f75ce63d9253edac9c66ef921b5a7de6
909759c61b9cc4ea2307f313c5d944e3cc6c5210aabb7d53477262b725aa086e
15a7845256801920c72d8eb0b8be091fc8e6bc2461bf1cc53db2cf2b3c76b315
53fbed42c919ae2818899979a637b0d9d9b7df437ee239c2bc60945053b9ed07
82ebf6faf3f97b1fdc2508ef2fb4c22c5e39bd2572c95d358574d2bfe280aa3a
dbb10cc6fb3fc9fca393ff312d53af0d938aae2099e23dd69d1fb9ce6828f3b8
f8984264632a0aba48bcd90967988aa1d2c10f9381d00abc08456431ea46d208
e594f00895dd29d763379ee4aa87c6004e811385f71077959674c4ef636f5a2e
761766237d7a8d58a5cdf2aa5ccace247b724d033d3196bc441c6a9c31717561
b1e2b8b0806852aa586a0491fc91a832babfff3882eaed12a6b7d2e7b776d4c4
b259302d7ea5bfb1f2ad8f50e8de4df48d96021070ee77c5b7819583ec43f372
6bb21551577d98edc3a3c4db8d941258f86c89db185fa2095f54ad4944a62b87
0ca81feea4b45d3c004c6f98c4d092227dd5c0a32044f19956117f9ee4dbc749
0103b1c78fd2b588d3df5c688369fce8621e8c22d3207faaa1e8404c0ac860c9
f2392e04e5ffb9bcee95ce763a7686322a9abd7210af28ef3f653402515a6013
8357f957b093fda087166e77b0e6a59d8d0d2fde1002d0be9ce5f99db26d63bb
be4448d373ea201e390e0bb158bba4f3ceb111ff37cd586c770a3d0e887d5bf1
c36369fab2df20ecfe48904d1e740c361fbf72f7f06221cefcbb1586d696506a
f91c4c7fd22d1d1ad83e7b8984b7b317689c6c75b3dc5ad29292a72161ab2164
d00a21bc17cc36be9b55a6c36f6c51e3f8f5300bfcd80246cfaadc4d3b638a99
db54fbe35d83bb19deaf215649ce9c33974913b4a03fb0060f6afec3a33d1d42
2fa30c4928317befeb052607fb0181fbd4be52f5b2c37cbe4bdb42e743355449
b155dd58a04167ae2b542b3e84c60e2761bd66e7a96f66476d5568b84b801936
c7bdef6f72689a3279cfbd4a47882019055e0138cdb2ab229cdb96f9ed541196
1630e8b9995d554a7b791dfa929f77c659c48e0358008fb7eb66fe54d63d86b3
2bc972f3ec09f8d1bdc1b25a3fe57db9a08577117d3a0d0ce5e5282e976d9111
5506f23308b0b3dff288866ab0b560f2fe5d61f53f4730428ab145f5ee033f84
8734c94b5ebc9260065d6ac359500b8f17f290be6c74bb72b9c0cacccf9b7d63
dbbf0fd1d25e6411faddab4b2f689dcffd04ce06642e1319f9d6fb00a2c343ca
b8c36a5b681b071cc8c8a34fa1d1656b705dbe1f433706b386b78fd73ef6e884
bd786fd63a731d3b49654aa94045c0b9c11c5c7112636befa6ecee7ff91d4c51
99af728a80e56652b6622bc371fd9a6cc4702e2c5598918c42eee05681850d2b
a9d818bc38d2a84ff40e54a062a9fba01a0648300fb1a892432547bc5b85e158
9c50c6516f166d7975bfb56b0a41cffb52844eb63c1c9ef2fd3502305d075a96
ddbf042dcfbeef6cf190530ca077b62d1366ef54356d0ed63814e8b9b07ca8de
31699232fd5243c9ed94a774b8b36fe40211590ba9460d8eca4251c24618beb9
5d8ae2e91d0e7c2dfb51972bc8f825ed37a76ab49d70809a446bcf3dd9dc9759
c0834472538b4521860ce0d38b7fb302e06da7fb0f328d2ce1614b176b44f5f9
c90b2d72296b49c72b221773c6fcc65648e0f0aa7ffc62611681c9cd07e6bf32
84d88aa331513f6d7e41095e2187e4571dd08b9aedd52202dbb39fa1e9fd5565
ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6
e1c7a0142096027135342d53d50e982ca0db4683cb578fa7528f7da6394397d6
59c68aa4d3b5e77347aa69a31f2592220359ff8f45c18bf9ef5ad047e072534d
3eab5d3870693e704bdf913c10eb1b7a2a9dfbc3e85c58d2e3685ccbb5a1114a
6714c82529a444b8ce3f8bfae085604f2618954394d7812e68f473ebfca78a26
a6595037149574b9ef6ac2be554fda95aef17dac424a214f8582031112a43f56
dd762de25b94a493d115906421412af660db77916a2a09baa40be5a9fcbf63d1
d5bd67edddb02aaf59ac0743bc2ad8fe235ee8b4cda045e2475193cb8ccca8ff
SH256 hash:
55b52b7ae7f73f1a94bbc8492fad44acf81a69fd79eb791dd3ea94c5939b6c2a
MD5 hash:
e216451b1b0546ac24297a08438368ad
SHA1 hash:
e9dc7ef80df8f2cf0be7fd36dcf66c533bc6e754
Detections:
win_remcos_w0
Create hunting rule
win_remcos_auto
Create hunting rule
Remcos
Create hunting rule
malware_windows_remcos_rat
Create hunting rule
win_remcos_rat_unpacked
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
Create hunting rule
Link:
https://www.unpac.me/results/04da277e-fd26-46f4-a0b7-6ceced7e3525/
SH256 hash:
ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6
MD5 hash:
d252abe5eefc560a301b67c93bf475c7
SHA1 hash:
ac238d755d3118ccedf823506f0d4ba47be9fc0e
Link:
https://www.unpac.me/results/04da277e-fd26-46f4-a0b7-6ceced7e3525/
Malware family:
Remcos
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ee38d1b102d4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:iexplorer_remcos
Create hunting rule
Author:iam-py-test
Description:Detect iexplorer being taken over by Remcos
Rule name:INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
Create hunting rule
Author:ditekSHen
Description:Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Remcos
Create hunting rule
Author:kevoreilly
Description:Remcos Payload
Rule name:REMCOS_RAT_variants
Create hunting rule
Rule name:Remcos_unpacked_PulseIntel
Create hunting rule
Author:PulseIntel
Description:Remcos Payload
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Windows_Trojan_Remcos_b296e965
Create hunting rule
Author:Elastic Security
Reference:https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set
Rule name:win_remcos_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.remcos.
Rule name:win_remcos_rat_unpacked
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects strings present in remcos rat Samples.
Rule name:win_remcos_w0
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects strings present in remcos rat Samples.
Rule name:yarahub_win_remcos_rat_unpacked_aug_2023
Create hunting rule
Author:Matthew @ Embee_Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

Executable exe ee38d1b102d49efb131e686f67a3499b35eb4e412ed8c9bd6a5fe8a22320b3d6

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/2168/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments