Navalny-WP[.]exe | Triage

Sharing

General

Target

Navalny-WP.exe
Size

938KB
MD5

abde72bbbe3a4e9aefac2613cc1fb1d8
SHA1

37e233800c07ae09de6f08b0beae552bb3cab69c
SHA256

d3c019f06f8e399fb76c9e778bbdf97f51e00cf61f0bc04c6811fc03f9fd25b5
SHA512

64c849e91ec0042de899d033d8e704708d4546bf46283545c4e88d36d5e1c453291ac2e128b27ba62014702b699e55a0ef47bd147747bdb0bd4f23006d957595
SSDEEP

24576:CXm3qYpzlRun7eDGy8koxw0Qk8YUWlrhzJzAXz:CgqYpJK7eKkoxDjUWldzNAD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Navalny-WP.exe

Files

Navalny-WP.exe
.exe .vbs windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 929KB - Virtual size: 929KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ