S[.]T[.]A[.]L[.]K[.]E[.]R[.] Shadow of Chernobyl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

S.T.A.L.K.E.R. Shadow of Chernobyl.exe
Size

26KB
MD5

aeb814c4e7bc4af9763af641572235ea
SHA1

9bbbba8c58d77ae3725042df4500bc6423851818
SHA256

1c4ffe3c79cceab3cb88e3ddb8b6e4f98d5a90d369032b3eec9d2b8ad343739b
SHA512

8d89fcc89ef94b2d88446a8458a35685afb00f8a16c0b02c3b57accbff8ebeb3782d7d7a78e2c6581c6def8ec0fd42a5185e18091fe1b52c31c1263a78862bcc
SSDEEP

384:qbnpyme2LENyQ+WvnhpXIeklXoaQ3+E3RBg8vOCtbEiqiUAS9KGawy53vTalA7Iq:GBeQ0y8vnHXIzlJQ3+ETjtoiqikKGl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
S.T.A.L.K.E.R. Shadow of Chernobyl.exe

Files

S.T.A.L.K.E.R. Shadow of Chernobyl.exe
.exe windows:1 windows x64 arch:x64

4e184f00bf6c133ec0e6c316eff1b239

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

MessageBoxW

Sections

.MPRESS1
Size: 21KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE