550ce8dead622c14e2858908273e6116

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Oct-15 20:10:13
Comments
CompanyName
FileDescription Seatbelt
FileVersion 1.0.0.0
InternalName Seatbelt.exe
LegalCopyright Copyright © 2018
LegalTrademarks
OriginalFilename Seatbelt.exe
ProductName Seatbelt
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): .NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • control.exe
  • msconfig.exe
  • mshta.exe
  • regedit.exe
  • regsvr32.exe
  • rundll32.exe
  • sc.exe
  • schtask
Contains references to internet browsers:
  • chrome.exe
Contains references to security software:
  • belt.exe
  • sahagent.exe
Looks for VMWare presence:
  • vmware
May have dropper capabilities:
  • CurrentControlSet\Services
  • CurrentVersion\Run
Accesses the WMI:
  • ROOT\Subscription
  • Root\CIMV2
  • Root\Microsoft
  • root\Microsoft
  • root\Security
  • root\cimv2
  • root\standardcimv2
Miscellaneous malware strings:
  • Exploit
  • cmd.exe
Contains domain names:
  • github.com
  • https://54.92.196.162
  • https://54.92.196.162/
  • https://github.com
  • https://lolbas-project.github.io
  • https://lolbas-project.github.io/
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 550ce8dead622c14e2858908273e6116
SHA1 1ceefa652c6b3ef359fcb335c7dbe0e0366d2af2
SHA256 b5e6a1913eade2b8d24b6612aeb7ab5ab9a34778a91cd17d2b6144a06404d265
SHA3 d4c7c914bb06f81dfa853625630866b38b4209a234798c14f229931d969e1a82
SSDeep 12288:d917niCBVEspiu7hLtvh/m+w9j5S7yDXzKR/xNK9aVR98bSrBBHoz++A2WsjK3K:Rni/MnaBWix
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2021-Oct-15 20:10:13
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x88200
SizeOfInitializedData 0x800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0008A116 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x8c000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x90000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 bc25fd4a210d2cff561ad289e0e15dcc
SHA1 6e75a00b1eb9cf9e5f4c41887e1ec69f34e9bce3
SHA256 d32506de35d32961a9f682fef3a8bddfcd6796166783f03564cc6551173b5cb1
SHA3 39c4e12c63945ca5c41700c91cdf3c00cb3b33375fd7877fbab2d72b00ddf1f7
VirtualSize 0x8812c
VirtualAddress 0x2000
SizeOfRawData 0x88200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 5.91542

.rsrc

MD5 559378ffafcb9e96670b3741a2850079
SHA1 91e1e22a54312c6433ef386a227650667258c36a
SHA256 631615b705f4f8e0ec97fd7a9d86525e80ef459d58cb17ead991409766996f98
SHA3 b4c811aa25afd6a8b5accc382365f6022ddfe4a15bafeba6056601df2c3d9f2f
VirtualSize 0x5ac
VirtualAddress 0x8c000
SizeOfRawData 0x600
PointerToRawData 0x88400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.06332

.reloc

MD5 fc790cf8bbb7444c0d3c3a74297db97e
SHA1 76883bcca27e97ac40b38f3effad4cad68ef8dae
SHA256 2c10366ac7d477844d0ec23d19a047f103a76c73bd77f2df142dc6e94d194234
SHA3 458ab949f4401ed280c6dd9418c150e27ee6aa15e786e499dbf0be6387d57d58
VirtualSize 0xc
VirtualAddress 0x8e000
SizeOfRawData 0x200
PointerToRawData 0x88a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x31c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.2322
MD5 f9f17fa9be450a2a9d2fdb6d97fd87a9
SHA1 69b75a6b4bdeaac1df9370d61db0b79ca3c75f4f
SHA256 fa249ce9cb6519fcfdc1225c9774dc375b1e66fdda7b4d95e776cd02d5b05854
SHA3 1604ec5b272944ff846a38a79a0cf797773bcbbf95f48fc48fdbf55f582d6c07

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription Seatbelt
FileVersion (#2) 1.0.0.0
InternalName Seatbelt.exe
LegalCopyright Copyright © 2018
LegalTrademarks
OriginalFilename Seatbelt.exe
ProductName Seatbelt
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors