Umbral-cleaned[.]exe | Triage

Resubmissions

04/06/2023, 03:59

230604-ej6gasbe7s 3

04/06/2023, 03:58

230604-ejjyasba35 3

Sharing

General

Target

Umbral-cleaned.exe
Size

223KB
MD5

97a237fd9e22acce149cafd5b86cbc7e
SHA1

6a477f60c1cd6e30c4f9aad1a00caeec9c6bbe2f
SHA256

e9c937ef107481e1f85eb5dc515f554d0359d5306673c13c9f215eeabc63b130
SHA512

ae57f88223f2388cdc6ef567e9c3e42ab5055e96bf9804f1fbb6c71c1adc114ad2d637ddbbd413343f6dd87dd100267592b0e0f2268478e211d1590130c27d35
SSDEEP

3072:3ozhYc2Sayh60L6ccHjbIs0FliCZYkq1LL+CivmNbuDSEcCep/toYXXcGTSY4Uc:3oqccd0LgMriCZY1/XlsD7fep/t3pS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Umbral-cleaned.exe

Files

Umbral-cleaned.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ