ventawaytg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ventawaytg.exe
Size

443KB
MD5

1f13db09f1eb7dba181e6971156685fe
SHA1

b80831676a670e64658d9d844527c17a3eedfc8b
SHA256

af30f8e8db6c2054d25e82510b102640a94375124ba644825f68051389f31bb3
SHA512

af437226158acf7398dbae503e285e89601b1adce7095967bbecd3aa4c8084209b784956ae4b20203ba5cc6fa62ca2a0c6fa8415c139420e63653359a60e9ef6
SSDEEP

12288:KKPjdhAUJFWom+J1TmWkFFIPq7bF/dsdAdA/Th6gfCP:VJhjTm+J1TfQFowJdJ+TFKP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ventawaytg.exe

Files

ventawaytg.exe
.exe windows:5 windows x64 arch:x64

48e414e431433a62713440d22abb8343

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 429KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE