WBorisXGTModder paid[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WBorisXGTModder paid.exe
Size

227KB
MD5

5d53d4fe38caeeef9d16f713a935ea9b
SHA1

f7d9a0e684c269058f8cdd98d3294b4a7386a4b1
SHA256

5b2a4879f6e2901f52e61fe36ed88f08a6a3f78b9b181ab599de5301e5fbc8c0
SHA512

4b8b9d334dee026c39561c4ad517678c6690e6009821b5323f4e0f6b7d50645210c58cef73666ca6e711b58dbb2008b021723ca30130e2156988046ab15557aa
SSDEEP

3072:dIewjolnvnF0NyjIfh4c8CBBhf5uJtaVZFbV7/RKTeu:KUL0f5uuV3V7R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WBorisXGTModder paid.exe

Files

WBorisXGTModder paid.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\trevi\Downloads\INJECTOR_PUBLIC_UPDATE_2\INJECTOR_PUBLIC\INJECTOR_PUBLIC\obj\Debug\WBorisXGTModder paid.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ