Ambrosial[.]exe | Triage

Sharing

General

Target

Ambrosial.exe
Size

15.9MB
MD5

e3635a875aa0817f0e29544ad9ff84b5
SHA1

fd65adfd5be0391790442dc1b4d21b7ee4be271a
SHA256

b9c94c4a6dca1b5a42b05e4814838a9281768ba9267803a554c23b68c0665b0f
SHA512

132ee0718115097a6b9afc2368bf652d8b04207a6822a9a9e1900bc2921d3b8de384a40eec326e1662bfd7216b29cbe85ceeb8a7d49fe8ed293c4360b8115f0a
SSDEEP

196608:zkIxsIO2gfRMhSE8/Erd8QP+ih91q1odTAIRq+2vBQ:zkIuIO2gfRMYbcr6QP391qefB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Ambrosial.exe

Files

Ambrosial.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\buildslave\win\64x\ambrosial-64xR\Ambrosial\Ambrosial\obj\x64\Release\Ambrosial.pdb

Sections

.text
Size: 15.7MB - Virtual size: 15.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ