OsuVanBypass[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OsuVanBypass.exe
Size

37.4MB
MD5

81b0b9819ab8b9c1d9f32e35cedde910
SHA1

60c5bfd3d308fbf297347b97711cac99c1af623b
SHA256

1b15fd863b0113a8fbccdae6d0bae1dd62ccdd7f5e3974558a5b89995e89cf8c
SHA512

4fc7bfd3e5913674f4107f03da8331b27aec1f45eb8bd5ba4432727f780d38f7931ae488e9f0fa2efbf8e54426bd702ec3ec2ca1bbbd5a2abd751a51a25155dd
SSDEEP

786432:cN9hEUrMXs5nJQKPaHJkX4Crb6l/2tAzmfMH6FjDSjfnBBPUtDG:c5EYMXs5nJQoYOR/6cWzqjDcnvPUtD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OsuVanBypass.exe

Files

OsuVanBypass.exe
.exe windows:6 windows x64 arch:x64

48f601328f7254c8badfbaf80caeffe6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueA

kernel32

GetModuleHandleA

shell32

PathMakeUniqueName

user32

WaitMessage

Sections

Size: - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 37.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE