IpVanish[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

IpVanish.exe
Size

2.6MB
MD5

268a4827fd35d2c62901e7a1f2113646
SHA1

09bcc2f44c78d886e4e7351b8797acd56c4a7061
SHA256

01cf77a5333585ea0932d3a92128c141766a753d85ac761ac987a5f0722ae053
SHA512

1e70c6e617bab27fe6e7f92a1a12285cd0acb8ff0e09f1e8d502eec4a2d5d4c71c5cf404ac2a26bfcacb9c35aaf9a475896a12984fd1d19af3c020ad7390e032
SSDEEP

49152:O8dR8+RoEA0h3NvT1pqsmk4X/maKXWhW8m5+x23p4zW+fda5LLxfloW:O8dR8+RoEA03T1pqsm7/ddhW8m5+W+zI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IpVanish.exe

Files

IpVanish.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

uNlLf
Size: 2.2MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

6hna6
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eQwBD
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

tsJQR
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

lK5jG
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

mCdc4
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ