venus[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

venus.exe
Size

13KB
MD5

799db11cbd73e355902ca0e9611a2055
SHA1

98cdb0ecc8ea2dbba95b99bd73a6f6a357123216
SHA256

794f4075e654255924fd2c50051127786ef5fef1fb57bb7e216ade23044d9873
SHA512

5d6920fa75c2723e03cef6ee9575948fa445db6e3ea5d90ea8ae366fa9e25f31c6e44e327e0812c570fa6c31f9fe714aa5a078eddfdf0dc42dccbfb5f404e2ba
SSDEEP

384:hMOtk/QNYjKZsq9Whjd8Hz2mu6gWN5ZrLrpDzjzDrenN8ouU5+2Pj/:hMOe/QNYjKZEhjmT2mTTN5ZrLrpDzjzD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
venus.exe

Files

venus.exe
.exe windows:5 windows x86 arch:x86

f83bf100c98890f10c19c797b5acf4d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateThread
UnhandledExceptionFilter
WriteFile
TerminateThread
Sleep
CreateFileW
CloseHandle
IsProcessorFeaturePresent

user32

ReleaseDC
GetDesktopWindow
GetSystemMetrics
GetDC

gdi32

DeleteDC
SelectObject
PatBlt
CreateFontW
TextOutW
SetTextColor
LineTo
CreatePen
MoveToEx
SetBkColor
DeleteObject
BitBlt
CreateSolidBrush
Pie

ntdll

NtRaiseHardError
RtlAdjustPrivilege

winmm

waveOutWrite
waveOutClose
waveOutPrepareHeader
waveOutOpen

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ