Umbral[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Umbral.exe
Size

217KB
MD5

b12954cc4ef17d9afd6dfd00580c93ac
SHA1

6b0d4e86a5dc901f4a67f28eac54ceaf41cf950f
SHA256

5c44deb2c986c9685b6c79d61e2d71d8bdd27f0b20959b930340b1fd352562a4
SHA512

e8a72a318e2dcfc62141d05bc1b1343f990a3abb93189e7cd3f87a4647caf54710c278d0f552d176a25451489ce88cd2699f25f13bd74d99b5334566d967973e
SSDEEP

3072:ZmpcjvqySgPAY+D9Cocawot18PeXQB60IHki0sMXSl8eN7sIpMXXcGTSYW:kcWoPAjRrt18FZIHk7y8eNYIypS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Umbral.exe

Files

Umbral.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ