warthunder_15[.]37_01[.]05[.]2023[.]exe | Triage

Sharing

General

Target

warthunder_15.37_01.05.2023.exe
Size

13.7MB
MD5

d91f565680986343b311a8c9a404bacb
SHA1

bfac81722a2fc792900417f4e008ebf56e8f864c
SHA256

d290e5c55cfe6febefc8f5c143bc820d835aba8d650f7daa501e8c001408c807
SHA512

ebe2425d98a6ba2c614165e81a874883150517e5fbfac63efe11f9c8a120b777eac3c156b50e5445b6c521c10ba6bd2eb03d952a92ef00ef91fc9dff03ac7bf2
SSDEEP

196608:L2j4TY8U8rvYInZUAEm25wCjRP4ea56H3mNSR0SAVhU37IAHrNN6X3WdHrWRPFEB:lYXJAEmMjRP47aAvVOvi3W5rW7ER

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
warthunder_15.37_01.05.2023.exe

Files

warthunder_15.37_01.05.2023.exe
.exe windows x64

1c9e07af67348622700778228d2e8f08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_0
Size: - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_2
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ