5795ff158851aae2af569294360ec288_vabushky_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5795ff158851aae2af569294360ec288_vabushky_JC.exe
Size

54KB
MD5

5795ff158851aae2af569294360ec288
SHA1

156db52e7ec41918aab2802af6fbd0fbebd7b150
SHA256

3cab7f0cb5ed39c89eeeb3245c0a115b96adc234751ab19c44751cfc1ac23a9b
SHA512

127a79ff334a13d4a60c9cd5405b0d2a8650e2c2e9f61a8b6572a71ebf5977a2a4c6de0d7133e8fc8bae5baac951db3ae22de772f3029fb52e40904d0626bdd0
SSDEEP

768:iGwwi3kNYsGVnyM69cgFeyat3zBGwvnZXUk+EjeOScG3u/fClJM43FrGIgaEPC4:iGMo36pxZUk+OeOSc/Mn3FrGI14

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5795ff158851aae2af569294360ec288_vabushky_JC.exe

Files

5795ff158851aae2af569294360ec288_vabushky_JC.exe
.exe windows x64

27866758e2384000aa4db66838a6893d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

strcat

shlwapi

StrStrIA

wininet

InternetOpenA

imagehlp

CheckSumMappedFile

version

VerQueryValueA

user32

GetDC

gdi32

EndPath

advapi32

RegOpenKeyA

Exports

Exports

Inject64End
Inject64Normal
Inject64Start
UacInject64End
UacInject64Start

Sections

.MPRESS1
Size: 50KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE