Umbral Builder[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Umbral Builder.exe
Size

79KB
MD5

167dd72296227514957d28fe2dc6da1b
SHA1

218512bce1d25664e2ee4d958d19584e555198a3
SHA256

51aae1daca66464ec289f5b849df8c7430101e010d444db63d4fafab9baad5d1
SHA512

a911e8e5cca0e7424406d95d919bb2c695516b2985513b7cc67c76f7d5c64d88bd68f30aa3b88c2045117f12699fce8d311f678b50c86839a77bba6efedc92e1
SSDEEP

1536:y5TnXqJ1MdYC0NE6BxI2HUxWuFXhIumcu71WPqsVtB2:wTnX21MdYC0NE6BxI2HUxWuFXhIuxuJN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Umbral Builder.exe

Files

Umbral Builder.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ