D:\source\repos\Chernobyl\Chernobyl\obj\x64\Debug\Chernobyl.pdb
Static task
static1
General
-
Target
Chernobyl.exe
-
Size
418KB
-
MD5
f5007f18070e9cfc0b23c5ebb25c4468
-
SHA1
cf430806009fe87580705a85474a8604c84292fe
-
SHA256
18f27d42b09fe462af83c3ec3e82842e09a7db2e9c69cb6044e977b7af87a3c9
-
SHA512
7b9de630ea04314813895e2dc8908429bc393f2a7c0dd50ed1ac7802f8ba3d36998886bd9da3dd7c857a992dd9aecf016eb55a0cb33a3b234fa1e3137f094c50
-
SSDEEP
6144:kibkUpo02222222222222222222222222222222222222222222222222222222u:ytH0NOZzv4TatsNqaJx
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Processes:
resource yara_rule sample disable_win_def -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Chernobyl.exe
Files
-
Chernobyl.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 302KB - Virtual size: 302KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ